On Mon, 2005-01-10 at 10:31 -0600, wayne wrote:
By the 'most recent sender', do you mean that you think it is 'good
enough' to require mailing lists to re-sign their traffic?
No, that wouldn't be good enough -- if the list is unaware of the
signature scheme, then it's entirely unrealistic to expect it to re-sign
messages.
That's the whole point in the 'most recent sender' bit -- you use the
latest of the Sender: or Resent-Sender: addresses, not always the From:
address.
If I send a message to the list, and the list software sends that same
mail out again, then the most recent sender is the list address (e.g.
owner-ietf-mailsig(_at_)mail(_dot_)imc(_dot_)org). There's no reason for that
message to
be re-signed by the list merely because _I_ have elected to sign all
outgoing messages and have published my intention to do so. I am not the
most recent sender; the list is. Thus, it's its policies which are
relevant, not mine.
--
dwmw2