[ietf-dkim] list vs contributor signatures, was Wrong Discussion
John R. Levine
johnl at iecc.com
Fri Apr 30 05:02:44 PDT 2010
>> I just don't see a plausible scenario where you know you trust the
>> list but still want to accept or reject mail based on assertions the
>> list itself makes.
> How about you trust the list, and it says the inbound message wasn't
> signed? The list has left the value judgement to the recipient.

I've been using mailing lists for 35 years, and I cannot recall any where
the list manager threw up his hands and didn't manage the list's contents.
The conceptual model of mailing lists has been consistent for decades: the
list picks mail to pass along using whatever manual or automated process
it uses, and subscribers accept the mail the list sends. I don't see the
point in trying to retroactively redefine the ways that lists work to try
to shoehorn them into the limits of a poorly designed security add-on.

See "forgery" for another example of the same newthink, in which the SPF
crowd tried to persuade the world that SPF's failure to handle long
established forwarding models was the forwarders' fault.