[ietf-dkim] Re: ISSUE: Better definition of "DKIM signing complete" required

Charles Lindsey chl at clerew.man.ac.uk
Tue Nov 28 05:04:25 PST 2006


On Mon, 27 Nov 2006 17:43:33 -0000, Hector Santos <hsantos at santronics.com>  
wrote:

> Charles Lindsey wrote:

>>  AFAICS, a List Expander has the following options:
>>  1. Ignore DKIM. Pretend it doesn't exist.
>>    The result of that is that list members (or their ISPs) will start  
>> regarding some messages with "suspicion", and maybe drop them. List  
>> members will not be pleased.
>>  2. Refuse to subscribe (as contributors) sites with exclusive SSP  
>> policies.
>>    Will work, but will piss off people from such domains who want to  
>> participate.
>>  3. Manage the list so that signatures still work after passing through.
>>    I.e. don't change 'critical' headers, don't add stuff at the end of  
>> bodies, etc.
>>  4. Resign all messages yourself.
>>    Essentially, you are saying "I realise I may have broken the  
>> existing signature, but I assure you I verified the original signature  
>> and checked that it complied with the sender's SSP, and my new  
>> signature encompasses an X-verified header I added to testify to those  
>> checks. Trust me! I am a Good Guy!"
>>     And then you hope that your reputation is good enough that your  
>> highly suspicious recipients will indeed believe that you are a "Good  
>> Guy".

> The 5th item is STRIP and RESIGN as 3rd party
>
> The 6th item is STRIP and RESIGN as 1st party in behalf of the original  
> domain.

The difference in those last two is that they STRIP the old signature, I  
presume? Why should that help? Throwing away possibly useful information  
is not usually beneficial.

The last one, presumably, requires cooperation between the list admin and  
the original domain. Fine if that can be arranged, and if a highly  
sensitive original domain knows that it, or its users, partakes in some  
particular list, then well worth setting up. But too much to expect for  
the average domain and the average list.

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131                          Web: http://www.cs.man.ac.uk/~chl
Email: chl at clerew.man.ac.uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
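
Added example, not part of the original message: option 3 in the quoted list ("don't add stuff at the end of bodies") can be checked by recomputing the DKIM body hash before and after list processing. The sketch assumes the "simple" and "relaxed" body canonicalizations as later published in RFC 6376; the function names and sample bodies are constructed for illustration.

```python
import base64
import hashlib
import re

def canon_simple(body: bytes) -> bytes:
    """'simple' body canonicalization: only trailing empty lines are ignored."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"  # an empty body canonicalizes to a single CRLF

def canon_relaxed(body: bytes) -> bytes:
    """'relaxed': also collapse runs of space/tab and drop them at line ends."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ")
             for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()  # trailing empty lines are ignored
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes, canon) -> str:
    """Value a signer would place in the bh= tag (SHA-256, base64)."""
    return base64.b64encode(hashlib.sha256(canon(body)).digest()).decode()

def survives(signed: bytes, relayed: bytes, canon) -> bool:
    """True if the body hash still matches after the list handled the message."""
    return body_hash(signed, canon) == body_hash(relayed, canon)

# Constructed sample bodies (not taken from any real list).
ORIGINAL = b"Hello list,\r\n\r\nPlease review the draft.\r\n"
RESPACED = b"Hello list,  \r\n\r\nPlease  review the\tdraft.\r\n\r\n\r\n"
PADDED = ORIGINAL + b"\r\n\r\n"
WITH_FOOTER = ORIGINAL + b"_______________\r\nexample-list mailing list\r\n"

if __name__ == "__main__":
    cases = [("respaced", RESPACED), ("padded", PADDED), ("footer", WITH_FOOTER)]
    for name, relayed in cases:
        print(name,
              "simple:", survives(ORIGINAL, relayed, canon_simple),
              "relaxed:", survives(ORIGINAL, relayed, canon_relaxed))
```

Whitespace changes survive only under relaxed canonicalization, trailing blank lines survive under both, and an appended footer changes the body hash under both.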

