----- Original Message -----
From: "Barry Leiba" <barryleiba(_at_)computer(_dot_)org>
To: "t.petch" <daedulus(_at_)btconnect(_dot_)com>
Cc: "ietf" <ietf(_at_)ietf(_dot_)org>
Sent: Friday, July 29, 2011 5:02 PM
I think that it is an error for the IETF to add DKIM signatures. They do
indeed
tell me
which intermediary has sent me the mail, but does nothing for the 'spam' that
the
intermediary accepted in the first place (albeit there being little of that on
the IETF
managed lists).
...
It functions, but does not work, in that it tells me nothing about the true
origin of the communication.
What it does is allow you to assure yourself that the message was,
indeed, from an IETF mailing list (well, from an IETF email server),
and that it wasn't that someone tried to spoof that. That, in turn,
allows you to confidently increase your trust that the message is not
spam in proportion to your confidence in the IETF's spam-filtering
capabilities.
Some of us, at least, find that useful. Some of us might even
completely white-list IETF-signed messages. You can make your own
choice on that.
<tp>
Yes, I do understand that - having read the first round of DKIM RFC
when they came out all those years ago - and do see it as a useful
tool for improving the security of e-mail and I should have made
that clearer in my first e-mail.
Sadly, I do not see it being used in the mailing lists where an
organisation is sending me directly data I would like to be able to rely on
- which I think fits the applicability well - and instead, I see it
being used on a mailing list such as those in the IETF where I
believe that the costs outweigh the benefits - and I have no choice
about that:-(.
Tom Petch
Barry, DKIM WG chair
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf