[ietf-dkim] Wrong Discussion - was Why mailing lists should strip DKIM signatures

McDowell, Brett bmcdowell at paypal.com
Mon Apr 26 10:36:30 PDT 2010


On Apr 23, 2010, at 6:28 PM, Murray S. Kucherawy wrote:

> Something like: X sends to a list at Y that then relays to Z; Z trusts Y to implement DKIM and Authentication-Results and all that properly, so Z believes Y when it says "X had a signature on here that verified" even if X's signature on arrival at Z is either invalid or absent.

That's interesting.  Let's make this concrete... I'll use myself as an example.

X = me/PayPal.com
Y = this list/ietf-dkim at mipassoc.org
Z = Google's Gmail service [1]

It is my assumption that someone subscribed to this list has a gmail.com account (or a Yahoo.com account [2]).  Therefore, my use case is simple.  I would hope that those of you reading this from your Gmail or Yahoo! accounts actually receive this message.  If Z breaks the signature, you won't see this.

So if it simply isn't practical to expect lists to maintain the signature, then offering the option for the list to validate the signature coming from X and send a new signature to Z that Z *can* (but doesn't have to) "trust", is something immediately useful.

Murray, is this what you discussed supporting in IETF #77?  If yes, what's the status?

-- Brett

[1] https://www.thepaypalblog.com/2008/07/google-joins-th/
[2] https://www.thepaypalblog.com/2007/10/yahoo-paypal-an/
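
Added example, not part of the original message: a sketch of the check receiver Z could run before believing list Y's report about X's signature. It accepts an Authentication-Results header only when its authserv-id belongs to a list Z trusts and that list's own DKIM signature, already verified by Z, covers the header. The example.org names, the trusted_lists mapping, the verified_signers input (the output of Z's own DKIM verifier) and the rule that Y's signature must cover the header are all assumptions of this sketch.

```python
import re
from email import message_from_string

# Constructed message as it arrives at Z after relay through list Y.
SAMPLE = (
    "Authentication-Results: lists.example.org; dkim=pass header.d=sender.example\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=lists.example.org; s=sel;\n"
    " h=from:subject:authentication-results; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "Authentication-Results: untrusted.example; dkim=pass header.d=bank.example\n"
    "From: someone@sender.example\n"
    "\nbody\n"
)

def parse_authres(value):
    """Return (authserv-id, domains reported as dkim=pass) for one header."""
    value = re.sub(r"\([^)]*\)", "", value)  # strip comments
    parts = [p.strip() for p in value.split(";")]
    authserv_id = parts[0].split()[0].lower() if parts[0] else ""
    passed = set()
    for part in parts[1:]:
        domain = re.search(r"header\.d\s*=\s*([\w.-]+)", part, re.I)
        if re.match(r"dkim\s*=\s*pass\b", part, re.I) and domain:
            passed.add(domain.group(1).lower())
    return authserv_id, passed

def signers_covering_authres(msg):
    """d= domains of DKIM-Signature headers whose h= lists Authentication-Results."""
    covering = set()
    for sig in msg.get_all("DKIM-Signature", []):
        tags = {}
        for tag in sig.split(";"):
            if "=" in tag:
                key, val = tag.split("=", 1)
                tags[key.strip().lower()] = re.sub(r"\s+", "", val).lower()
        if "authentication-results" in tags.get("h", "").split(":"):
            covering.add(tags.get("d", ""))
    return covering

def vouched_domains(raw, trusted_lists, verified_signers):
    """Sender domains a trusted list vouches for. trusted_lists is an assumed
    {authserv-id: signing domain} config; verified_signers comes from Z's verifier."""
    msg = message_from_string(raw)
    usable = signers_covering_authres(msg) & set(verified_signers)
    vouched = set()
    for header in msg.get_all("Authentication-Results", []):
        authserv_id, passed = parse_authres(header)
        if trusted_lists.get(authserv_id) in usable:
            vouched |= passed
    return vouched
```

The second Authentication-Results header in the sample claims a pass for bank.example under an authserv-id Z does not trust, so it contributes nothing to the result.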

