ietf-dkim

[ietf-dkim] "third party signing" != "mailing list problem"

2010-09-16 20:15:35
Boy, this list has been noisy of late.

I've been too overwhelmed to pay attention to every message, but from
what I can see, it's a resurgence of the argument between those who
wanted ADSP/SSP to be simple and those who wanted "third-party signing"
support.  (Plus a third faction that just wants things to calm down.)

Now, at present, ADSP is near useless, because of the mailing-list
problem.  (And this is compounded by the ambiguity over what "all"
really means.)  The 3PS folks are citing this as a sign that the
simple-policy folks, who won before, were wrong.

But hold on a minute: The "third party signing" problem and the mailing
list problem are *not the same*.  The latter is a narrower use case.
It's not even a subset of literal "third party signing", since any
complete solution must accommodate third parties who *do not sign* ---
mailing lists that are completely DKIM-ignorant.

(Yes, I know any accommodation of legacy lists makes it much much easier
to pull off a successful forgery.  But as the alternative is
"dkim=unknown", it's no loss.  An intermediate signal, meaning that
mailing lists are the only way the signature can break, would be very
helpful to recipients who know what they are subscribed to.)

Sure, you can try to force all mailing lists to go through some signing
ritual.  But if the mailing lists were that willing to bend to
accommodate DKIM, they could already accommodate the published RFCs by
rewriting the From: on the messages they forward.

---- Michael Deutschmann <michael(_at_)talamasca(_dot_)ocis(_dot_)net>
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html