ietf-dkim

Re: [ietf-dkim] Clarifying DKIM (etc.) expectations for mailing lists in the face of digests

2010-08-04 16:47:24
Dave,

On 08/04/2010 11:10 PM, Dave CROCKER wrote:

On 8/4/2010 2:01 PM, John Levine wrote:
There's a scenario where a spammer/phisher sets up a mailing list,
...
I don't see how this poses any new problems.

More to the point is that this attack does not appear to be relevant to the
question I asked.

Phrased differently, the question I am asking is:

     A mailing list digest does not preserve DKIM signatures from (any of) the
     original messages, and this appears to be acceptable to the community.

Are you sure it is acceptable to everyone, or does the community take it as it is? I agree with you that there should be no difference regarding the treatment of the original DKIM signature, whether the message arrives in digest form or not. I'm still not convinced that the original DKIM signature is not relevant for the verifier of the message at the receiver side.

The tension that there is between the MLM being a User Actor and being a Mediator is illustrated with the following text you wrote in RFC5598:

       RFC5322.Reply-To:  Set by - Mediator or original Author

          Although problematic, it is common for a Mailing List to assign
          its own addresses to the Reply-To: header field of messages
          that it posts.  This assignment is intended to ensure that
          replies go to all list members, rather than to only the
          original Author.  As a User Actor, a Mailing List is the Author
          of the new message and can legitimately set the Reply-To:
          value.  As a Mediator attempting to represent the message on
          behalf of its original Author, creating or modifying a
          Reply-To: field can be viewed as violating that Author's
          intent.

If we look at the MLM as being a User Actor, then I agree that we should not care about the original DKIM signature. If however we consider the MLM as a Mediator, we should probably care about the original DKIM signature.

Is there consensus that in the context of an MLM the original DKIM signature can be dropped and we should not care about it?

/rolf
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html