I went through -01 again.
Basically, it's fine. There's a few places where it says things that
are out of scope of DKIM. A signature either verifies or it doesn't,
and there's nothing inherently good or bad about that.
RFC 4871 carefully describes the way one verifies a signature, and
that process doesn't include attempts to guess what alternate form of a
message with a broken signature might have been signed. (Even Mike
admits it's against the rules when he does that.) A broken signature
is the same as no signature.
ADSP has some fairly specific advice about when not to use discardable,
which is relevant here.
Hence:
Sec 3.2 2nd pp on page 9: "most direct conflict operationally with DKIM" ->
"widest range of possible interactions with DKIM" or something like that.
I don't see any conflict at all.
Sec 3.3 "the addition of some list-specific text to the top or bottom of
the message body." -> "modification of the message body." Lists do a
lot more than add tag lines, as described in subsequent paragraphs.
under Minor body changes: "pose an immediate problem" -> "will probably cause
any existing signatures not to verify." Broken signatures are not a
problem.
under Major body changes: delete "with little or no hope of
compensation by either the signer or the verifier." There's no
such thing as compensation beyond relaxed canonicalization,
which isn't relevant here.
after "human list manager" add "who hand-edits messages" (that would be me)
next pp starting "In general", change first sentence to:
In general, an MLM subscriber cannot expect signatures applied before
the message was processed by the MLM to be valid.
Sec 3.4 2nd pp: delete sentence starting "The shortest path" Personally, I
think the shortest path is for the MLM's MTA to sign its outgoing
mail, but I don't think we have consensus either way, so just take
it out.
Last pp in 3.4: even if there were a new header, few MUAs would interpret
it. Suggest taking out "Rather than ... purpose" since it's not a
realistic alternative.
Section 4.1: There's no reason not to sign all the mail you send to a list.
Even if the MLM breaks the signature, the MLM itself can use the
signature when deciding how to handle the message. The implication
in the first paragraph that a broken signature is worse than no
signature is just wrong according to 4871. Also, [ADSP] says in
Appendix B not to send mail to lists from discardable domains. So
I suggest replacing the first paragraph with a sentence or two
encouraging people to sign mail sent to lists the same way they
sign mail to anyone else. In the second pp, change "If this is cause
for concern" to "For domains that publish strict ADSP policies"
Section 4.2: channelling Dave, standards shouldn't suggest heuristics.
So change the second sentence to something like "Sites whose users
subscribe to non-participating MLMs should be prepared for
legitimate mail to arrive with no valid signature, just as it
always has in the absence of DKIM."
Section 4.3: I'd just delete it. The second pp is OK, but people using
DKIM are supposed to know that already, aren't they?
Section 5.1: I'd strengthen it to say that since people aren't
supposed to send mail to lists from discardable domains in the
first place, lists should reject it or perhaps (for people who've
already subscribed so you know it's not spam blowback) drop the message
and send back a note explaining why.
Section 5.2, second pp: I don't understand the point of creating a
separate signing domain for mail you send to lists. Why would the
reputation of mail that people send to lists be better or worse than
mail they send anywhere else? It's the same people; I don't see the
point of a separate mailstream. ADSP isn't a good reason, since
it says not to use discardable for domains with human senders.
The third pp suggests that you're telling people to separate their
human mailstream from their transactions and their spam blasts. If
that's what you mean, I agree, but I'd encourage you to trim down
the section and reword it to say so more clearly.
In Section 5.4, either delete it or add a sentence at the front that
says THE ADVICE IN THIS SECTION IS SOLELY INTENDED TO WORK AROUND
BRAIN DAMAGE IN FILTERS THAT DO NOT IMPLEMENT DKIM ACCORDING TO THE
SPECIFICATIONS.
(Well, adding an A-R header isn't, but removing signatures that
might be broken sure is.)
In Section 5.5, add a ref to [ADSP] Appendix B.5 which says not to
send discardable mail to lists.
In Section 5.6, first pp: add a sentence noting that recipient system
will likely use the MLM's signature to recognize list mail and
develop a (presumably good) reputation for the list itself.
In Section 5.7 add to the end "if senders misuse ADSP" or the like.
Section 5.9, second pp: change to
Receivers are advised to ignore Authentication-Results
header fields that are not signed by a credible signer.
(Bad guys can sign fake A-R headers.)
Section 5.9, third pp: if a message fails "discardable" the receiver
should discard it, not reject it. This avoids the bouncing off the
list problem, and you're just following orders -- they said it was
discardable, after all.
Sections 6, 7, 8, and 9 are flawless.
R's,
John
PS: If I didn't say so before, thanks for all the work you've put into
this.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
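The review above makes two mechanical points about DKIM: a body change by the MLM (a tag line, for instance) breaks the signature, and relaxed canonicalization is the only tolerance a verifier is permitted, so a broken signature is treated as no signature rather than "repaired" by guessing. The following is an added example, written for this page and not code from the draft, from RFC 4871 or from the reviewer. It implements only the body-hash (bh=) step of RFC 4871 verification, with the simple and relaxed body canonicalizations of sections 3.4.3 and 3.4.4; the RSA check over the canonicalized headers and the l= body-length tag are out of scope. The message bodies, domain and selector are constructed sample values.

```python
"""Body-hash (bh=) step of DKIM verification, RFC 4871 sections 3.4.3/3.4.4.

Added example, not code from the draft or from the mailing list.  Only the
body hash is checked; the RSA signature over the canonicalized headers and
the l= body-length tag are not handled here.
"""
import base64
import hashlib
import re

WSP_RUN = re.compile(r"[ \t]+")
TRAILING_WSP = re.compile(r"[ \t]+$")
HASH_FOR_ALG = {"rsa-sha1": "sha1", "rsa-sha256": "sha256"}


def canonicalize_body(body: str, method: str) -> str:
    """Canonicalize a CRLF-terminated body with the 'simple' or 'relaxed' rules."""
    lines = body.split("\r\n")
    if method == "relaxed":
        # relaxed: drop trailing WSP on each line, collapse WSP runs to one SP
        lines = [WSP_RUN.sub(" ", TRAILING_WSP.sub("", ln)) for ln in lines]
    elif method != "simple":
        raise ValueError(f"unknown body canonicalization: {method}")
    # both methods: ignore empty lines at the end of the body
    while lines and lines[-1] == "":
        lines.pop()
    if not lines:
        # an empty body is a single CRLF under simple, nothing under relaxed
        return "\r\n" if method == "simple" else ""
    return "\r\n".join(lines) + "\r\n"


def body_hash(body: str, method: str, algo: str) -> str:
    """base64 digest of the canonicalized body, as carried in the bh= tag."""
    canon = canonicalize_body(body, method).encode("utf-8")
    return base64.b64encode(hashlib.new(algo, canon).digest()).decode("ascii")


def parse_tags(sig_value: str) -> dict:
    """Parse a DKIM-Signature tag list; folding whitespace is removed from values."""
    tags = {}
    for item in sig_value.split(";"):
        if "=" not in item:
            continue
        name, value = item.split("=", 1)  # base64 padding '=' stays in the value
        tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags


def body_hash_matches(sig_value: str, body: str) -> bool:
    """True only if bh= equals the hash of the body as received.

    Any other outcome (mismatch, unknown algorithm) is a broken signature,
    which a verifier treats exactly like no signature at all."""
    tags = parse_tags(sig_value)
    # c= is "header/body"; a missing body part means "simple"
    parts = tags.get("c", "simple/simple").split("/")
    body_method = parts[1] if len(parts) > 1 else "simple"
    algo = HASH_FOR_ALG.get(tags.get("a", ""))
    if algo is None or "bh" not in tags:
        return False
    return tags["bh"] == body_hash(body, body_method, algo)


def unsigned_signature_header(body: str, domain: str, selector: str,
                              method: str = "relaxed") -> str:
    """The DKIM-Signature value a signer would emit, with b= left empty
    because the header signing step is outside this example."""
    bh = body_hash(body, method, "sha256")
    return (f"v=1; a=rsa-sha256; c=relaxed/{method}; d={domain}; s={selector}; "
            f"h=from:to:subject:date; bh={bh}; b=")


# Constructed sample: the body as the author sent it (CRLF line endings).
ORIGINAL_BODY = "Hi all,\r\n\r\nThe -01 draft looks fine to me.\r\n\r\nJohn\r\n"
# Same text after a hop that mangles only whitespace (trailing spaces, a tab,
# extra blank lines at the end): relaxed canonicalization absorbs this.
WHITESPACE_MANGLED = (
    "Hi all,  \r\n\r\nThe -01 draft\tlooks fine to me.\r\n\r\nJohn\r\n\r\n\r\n")
# Same text after an MLM appended a tag line: no canonicalization absorbs this.
WITH_LIST_FOOTER = ORIGINAL_BODY + "-- \r\nlist rules: http://lists.example.org/rules\r\n"


if __name__ == "__main__":
    sig = unsigned_signature_header(ORIGINAL_BODY, "example.com", "s1")
    for label, body in [("original", ORIGINAL_BODY),
                        ("whitespace only", WHITESPACE_MANGLED),
                        ("list footer added", WITH_LIST_FOOTER)]:
        print(f"{label:18}: bh {'matches' if body_hash_matches(sig, body) else 'BROKEN'}")
```

Under relaxed body canonicalization the whitespace-mangled copy still verifies, while the copy with a tag line appended fails under either method; a verifier stops there and reports the message as unsigned, without trying to strip the footer and retry. Under simple canonicalization even the whitespace change is fatal.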