On 08/03/2010 02:13 PM, Bill(_dot_)Oxley(_at_)cox(_dot_)com wrote:
When I receive an email from DKIM mailing list, I know that it may contain
messages from Dave Hector John Doug et all but in my mind the from is DKIM
mailing list. The only dkim sig I am interested in is
ietf-dkim(_at_)mipassoc(_dot_)org and if I bothered to check adsp for
etf-dkim(_at_)mipassoc(_dot_)org I wouldnt waste time checking any other
signatures/adsp assertions from participants as I see a mailing list as an
aggregator.
Again, I am not talking about ADSP.
If I was designing mailing list software I would strip any incoming headers
that made any assertions about the authors, sign the pile with my dkim sig
and forward as designed. I would be asserting that
etf-dkim(_at_)mipassoc(_dot_)org is the author/aggregator not a forwarding
service. Trying to have 3rd party in a hands off transaction assert or check
that the authoring party may be who they say they are and making decisions
upon adsp discardable that may or may not be valid is beyond any sensible
solution.
thanks, now back into lurk mode
Trusting the MLM may be possible for you personnly for this particular
mailing list, but your choice is not scaleable to the Internet at large.
Or is the general consensus that (in the long run) the reputation of the
MLM domain is sufficient for the verifier/receiver of MLM distributed
mail? I don't read that in the draft.
/rolf
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html