ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Straw poll results

2010-08-09 14:06:03

Hi John,

I think I generally agree with the overall conclusion that expecting
signatures to verify after list processing isn't worth the effort,
but I'm not sure your logic below is sound...

On 09/08/10 18:45, John Levine wrote:
In article 
<548B10A3A5FCF3025A4B5508(_at_)lewes(_dot_)staff(_dot_)uscs(_dot_)susx(_dot_)ac(_dot_)uk>
 you write:
However, if there's a need to trust the original sender, and you don't 
quite trust the list to get that right for you, ...

It appears that we can discard this concern as counterfactual.  I
asked how people sort their list mail, and here's what I found:

  From: address       0.5  (Steve said he sorts on both from and list)

  List ID or similar: 8.5

  To: or Cc:.         3 (approximation to sorting by list name)

  rcpt-to address:    1 (unique address per list, I gather)

The overwhelming majority sort list mail by the identity of the list,
not by anything else.  The one person who sometimes sorts by From:
said that verifying the address wasn't an issue.

Unless people can offer real life examples of situations where they
remotely verify the identity of list contributors beyond using the
name or address on the From: line, I hope we can put this meme of
preserving incoming DKIM signatures to bed permanently.

You're assuming that how end-users sort list messages is the same
as how DKIM verifiers might operate on list messages. Is that a
good assumption? Or do you mean something else when you say
"sort"?

(Just asking, and not as chair or anything:-)

S.


I realize there's all sorts of hypothetical situations one might
imagine, but since we have over three decades of actual list practice,
it seems unlikly that any important model of list usage isn't already
in use somewhere now.

R's,
John

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html