On 5/24/2021 7:03 AM, John Levine wrote:
> It appears that Kaspar Etter <kaspar(_at_)ef1p(_dot_)com> said:
>> 2. List-Name header field: Mailing lists shouldn’t rewrite the messages of
>> others and break DKIM signatures in the process.
>
> Sorry, but this shows some serious misunderstandings about both DKIM and
> mailing lists.
>
> DKIM is a transport signature, which in this case shows that the message was
> sent from the author to the mailing list system.

Since DKIM is often misunderstood -- and especially with beliefs that go
far beyond what it actually does -- it is important that we be very
careful in its description.
Although DKIM is, indeed, applied and interpreted by operators rather
than users, it is /not/ a transport mechanism.
DKIM does not know or care about sessions or transport (for any
definition of transport.) DKIM is an object-level mechanism. At an
architectural level, it is comparable to OpenPGP and S/MIME, though of
course its semantics and algorithms are wholly different.
In technical terms, DKIM actually /can/ be created and processed by
end-user software. That it isn't is a matter of operational
preferences, rather than technical design.
Further, DKIM does not say anything at all about the author. Nothing.
Nada. Some signers have stringent policies that well might permit
making assessments relative to the author, but that is fully and
completely outside the DKIM specification.

> Lists apply their own DKIM signature on the mail they send.
> Mailing lists have been editing messages for 40 years, long before anyone
> ever thought of DKIM or DMARC.

Yup.
Any attempt to pretend that 'we' can dictate much to the list 'them' has
proven to be a non-starter. For ever.

> The whole point of ARC is to provide recipient systems with info to help
> recognize when they should ignore DMARC and deliver mail from lists and
> other legitimate senders that don't happen to match the assumptions that
> DMARC makes.

Yeah. No. It does not say you can ignore DMARC.
Rather it says that the list that broke DMARC is reporting what their
DMARC evaluation was. If you trust that list's reporting, then indeed
you can very much pay attention to DMARC.
That is, the main motivation for ARC is to provide a plausible basis for
paying attention to DMARC, even when its underlying authentication
mechanisms are broken by the time they show up at the receiver.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
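
The receiver-side decision described in the closing paragraphs, as an added example that is not part of the original message: DMARC fails locally because the list modified the message, and the receiver acts on the list's recorded DMARC result only if it trusts the sealer. The sample message, all domains, the `TRUSTED_SEALERS` set and the function names are assumptions, and the ARC signatures are assumed to have been verified already by the receiving MTA.

```python
import re
from email import message_from_string

# Constructed sample: a list-relayed message whose original DKIM signature no
# longer verifies. All domains and header values are made up for illustration.
SAMPLE = """\
ARC-Seal: i=1; a=rsa-sha256; d=lists.example.org; s=arc; cv=none; b=PLACEHOLDER
ARC-Authentication-Results: i=1; lists.example.org;
 dkim=pass header.d=author.example; dmarc=pass header.from=author.example
Authentication-Results: mx.receiver.example;
 dkim=fail header.d=author.example; dmarc=fail header.from=author.example;
 arc=pass
From: alice@author.example
Subject: [list] hello

body
"""

TRUSTED_SEALERS = {"lists.example.org"}  # hypothetical local policy


def tag(header, name):
    """Return the lower-cased value of `name=` in a header value, or None."""
    m = re.search(r"\b%s=([^\s;]+)" % re.escape(name), header or "")
    return m.group(1).lower() if m else None


def effective_dmarc(raw, trusted=TRUSTED_SEALERS):
    """Decide which DMARC result to act on: ours, or the one the list reported."""
    msg = message_from_string(raw)
    # Assumption: this header was added by our own MTA, which also verified the
    # ARC signatures and recorded the outcome as arc=pass / arc=fail.
    local = msg.get("Authentication-Results", "")
    if tag(local, "dmarc") == "pass":
        return "pass (local)"
    if tag(local, "arc") != "pass":
        return "fail"
    sealers = [tag(h, "d") for h in msg.get_all("ARC-Seal", [])]
    if not sealers or any(d not in trusted for d in sealers):
        return "fail"  # chain is intact but we do not trust who reported
    for aar in msg.get_all("ARC-Authentication-Results", []):
        if tag(aar, "i") == "1" and tag(aar, "dmarc") == "pass":
            return "pass (reported by %s)" % sealers[0]
    return "fail"
```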