ietf-dkim

Re: [ietf-dkim] Mailing lists and signatures (fwd)

2010-08-21 10:42:05
John R. Levine wrote:

Yes, I am a nitwit, but you knew that.  This time I'll tell 
Alpine to sign it with S/MIME.
....

John,

For your reposted message with Alpine, I am still not seeing any 
S/MIME based certified mail indicator in Thunderbird 2.0.

What I do see is a single attachment (part 1.2) with the "Note Well" 
block.

The only "stars" I see are under Thunderbird 3.0 and they are next to 
the From: and To: addresses in the message view header display block and 
that's because the addresses are in my contact list as people I have 
sent mail to or added to my contact list.

    From: John (star)
    To: DKIM List (star)

I believe TBIRD 3.0 uses this as a "white list". I believe I saw that 
as an option in 3.0 somewhere when I installed it within the last 6 
months (but I don't like it - too slow for me, so I remained with 
TBIRD 2.0 usage).

I do see on occasion a "Gold" Certified mail star from various people, 
so I know the MUA supports it.  But not with this message of yours 
created with Alpine.

In any case, I think we should take a step back and critically think 
about any suggestions regarding S/MIME.  I think it is a bad idea to 
introduce another dependency, especially if it's an out of scope idea.

But as a software guy, I am all about protocol consistency and I see 
one approach to this.  This might be a new I-D:

        Using S/MIME as a DKIM verification indicator for MUAs.

When an MTA or MLS DKIM verifier successfully validates a message using 
whatever means, to help "expose" this DKIM validation to the MUA, it 
may consider adding S/MIME certification MIME blocks to the resigned 
message.

I'm not sure what all the bindings are in an S/MIME signed message at 
this moment, so this may not be workable for a LIST distribution. But 
it appears that it might work and may require the automated creation 
of self-asserting S/MIME certificates for DKIM resigner message stamping.

The nice thing about this is that many MUAs do support S/MIME, so 
maybe an augmented DKIM idea can take advantage of that, but it should 
be the MTA that does this and not depend on all original mail authors 
using S/MIME to sign their mail first in their MUAs.  Maybe the I-D 
can include a provision for recommending an MSA for adding it - but 
isn't that somewhat what DKIM is all about here?

-- 
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com



_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html