ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] one more round of the inane mailing list argument, was DKIM Japan has been set up

2010-11-24 10:52:36
from [Ian Eiloart] [Permanent Link] 


--On 24 November 2010 10:42:01 -0500 "John R. Levine" 
<johnl(_at_)iecc(_dot_)com> 
wrote:


This really does need to be a FAQ.


DKIM works just dandy, when lists sign their mail like this one does.



Unless the intermediary co-operates by re-signing, mailing lists can
break  DKIM signatures.


Quite true.  But broken signatures are only a problem in a mutant version
of DKIM unlike the one specified in RFC 4871, so it's not a problem.


That depends on whether a loss of an opportunity is a problem. When you 
break a signature, the recipient loses the opportunity to apply reputation 
information to the message, or to use the message to update their 
reputation database. The sender loses the opportunity to benefit from any 
reputation that they've built.

If breaking one signature isn't a problem *at all*, then perhaps breaking 
all signatures isn't a problem. By extension, loss of the DKIM project 
wouldn't be a problem.

Of course, I don't believe that. I think DKIM has value, and the better the 
uptake the higher the value. Broken signatures are equivalent to lower 
uptake.


but you do lose the ability to assign signer domain based reputation
to the message.


Unless, of course, the list signs like this one does.


Yes, I think that "Unless, of course, the list signs" has the same meaning 
as "Unless the intermediary co-operates by re-signing". So I think we're 
agreed there.


I don't see any reason to think it's less likely that lists sign than 

that list

contributors sign.  Do you?  Concrete numbers would help here.


I don't see any reason to think that. However, my inbound mail stream 
(after filtering) mostly comes from domains that have SPF (about 90% 
passing), but a bit under half carries a DKIM signature (about 90% intact). 
So, for me, DKIM is a fallback to look at when an SPF test doesn't pass.



Anecdotes: all the Yahoogroups lists sign.  All of my lists sign.

Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet 
for
Dummies",
Please consider the environment before reading this e-mail. http://jl.ly




-- 
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] one more round of the inane mailing list argument, was DKIM Japan has been set up, Stephen Farrell
Next by Date:  [ietf-dkim] SPF/DKIM complementary failure scenarios?, Dave CROCKER
Previous by Thread:  Re: [ietf-dkim] one more round of the inane mailing list argument, was DKIM Japan has been set up, Stephen Farrell
Next by Thread:  [ietf-dkim] SPF/DKIM complementary failure scenarios?, Dave CROCKER
Indexes:  [Date] [Thread] [Top] [All Lists]