On 08/03/2010 03:03 AM, Rolf E. Sonneveld wrote:
With this situation in mind, I wrote my proposal, to provide the
verifier on the receiving side with a means to verify the original DKIM
signature.
Rolf,
When we wrote our dkim implementation, we did a bunch of work within the
existing DKIM framework (using l= and z=) that allowed us to get most
original signatures to reverify through mailing lists (~95%). No work
needed on the mailing list software at all. What you're proposing would
be close to 100% reverify rate of the lists that choose to implement
what you're proposing. Right now that's 100% * 0% :) But even if it
was accepted and caught on, it would still be a *very* long time before
you got to anywhere close to what we achieved. Maybe this would be good
for the pathological cases, but it probably wouldn't be good enough to
trust for, say, ADSP-discardable or any other indicator/service that
said that you should treat unsigned/broken signatures harshly.
I guess the meta question here is what the purpose is you have in mind.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html