On 8/4/2010 2:44 PM, Rolf E. Sonneveld wrote:
Phrased differently, the question I am asking is:
A mailing list digest does not preserve DKIM signatures from (any of)
the
original messages, and this appears to be acceptable to the community.
Are you sure it is acceptable to everyone, or does the community take it as it
is?
That's a fair question, and frankly I doubt much of the community is even aware
of the issue. So really I'm making an assumption.
Given that it is impossible to preserve the signature, when the message is
embedded in another message, I'd be inclined to say that we need to see
evidence
from the community that that's not acceptable.
I agree with you that there should be no difference regarding the treatment
of the original DKIM signature, whether the message arrives in digest form or
not. I'm still not convinced that the original DKIM signature is not relevant
for the verifier of the message at the receiver side.
If they cannot verify the signature and the specification says to treat
unverified signature the same as having no signature, then anything else the
receiver chooses to do is outside of the specification.
The tension that there is between the MLM being a User Actor and being a
Mediator is illustrated with the following text you wrote in RFC5598:
I don't understand what you mean by "tension". A Mediator is a type of User
Actor. It is not a Relay.
RFC5322 <http://tools.ietf.org/html/rfc5322>.Reply-To: Set by -
Mediator or original Author
Although problematic, it is common for a Mailing List to assign
its own addresses to the Reply-To: header field of messages
that it posts. This assignment is intended to ensure that
replies go to all list members, rather than to only the
original Author. As a User Actor, a Mailing List is the Author
of the new message and can legitimately set the Reply-To:
value. As a Mediator attempting to represent the message on
behalf of its original Author, creating or modifying a
Reply-To: field can be viewed as violating that Author's
intent.
If we look at the MLM as being a User Actor, then I agree that we should not
care about the original DKIM signature. If however we consider the MLM as a
Mediator, we should probably care about the original DKIM signature.
Is there consensus that in the context of an MLM the original DKIM signature
can
be dropped and we should not care about it?
/rolf
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html