John R. Levine wrote:
We've had a lot of arguments about the importance of verifying the
identity of contributors to mailing lists. If you think that's important,
take a look at this message.
Even though Mailman has added a subject line tag and a message footer, the
S/MIME signature still verifies, and your MUA should show a green star or
whatever, at least once you've told it to import my S/MIME cert. Mailman
automagically wrapped the multipart/signed in multipart/mixed. And the
signing cert has both my full e-mail address and my True Name.
Sorry John, I don't see any "green star" or any other form of
certified mail indication in Thunderbird our Outlook. There is also no
5322 based S/MIME parts in the source message. Any evidence of that
expectation by you has been stripped and cleaned at the scene of the
crime.
So I suggest we update the DKIM MLM draft to take out all the stuff about
signatures surviving lists, and just say that if it's important for your
signature to survive, S/MIME already does that, with a suitable pointer.
+1 for removal of any suggestions that broken ADSP protected
signatures can be restored without conflict.
-1 for adding any reference to S/MIME. I don't think it is a good
idea to further complicate this by adding another unnecessary protocol
interface engineering requirement.
What is ironic is that this message of your 100% exemplifies all the
concerns and also benefits POLICY proponents have been advocating.
You had an expectation for mail operations, a POLICY regarding S/MIME
expectations, yet that expectation failed.
Allow people to expose that expectation using standard methods, and
"receivers" will begin to honor it.
--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html