--On 18 May 2010 14:55:14 +0200 Alessandro Vesely <vesely(_at_)tana(_dot_)it>
wrote:
On 18/May/10 07:08, John Levine wrote:
A DKIM-aware resending MLM is encouraged to sign the entire
message as it arrived, especially including the original
signatures.
Would I as an MLM want to resign a message that I received that itself
was not signed? Do I want to confer more authority to that message than
is warranted?
Yes, of course. The signature means that this message really truly
came from the mailing list, as opposed to being a random piece of spam
that happened to resemble list mail.
+1. However, may I ask how does the verifier know which signature is
the one that belongs to the list? I can think of
* look at the MAIL FROM domain, à la SPF (breaks forwarding),
* have the list's domain in a white list (requires maintenance),
* use some of the "List-*" fields (which one?)
It'll be the one that's not broken, I presume. If there's more than one
unbroken signature, I guess the signing domain might want to match the
list-id header.
Apparently, section 5.4 doesn't cover this point.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html