[ietf-dkim] list vs contributor signatures, was Wrong Discussion
steve at wordtothewise.com
Mon May 10 12:09:28 PDT 2010
On May 10, 2010, at 11:59 AM, John R. Levine wrote:
>> Apart from ADSP rules, a broken signature must be treated as if there was no
>> signature at all. That in itself is not the problem. The problem with broken
>> signatures is that people will not buy into a technology (DKIM) if it will
>> not cover a significant part of their e-mail.
> Of course. That's why MLMs should sign their mail, or equvalently the MSA
> they use should sign it. Problem solved, right?
> Free bonus: MLMs can sign the list mail even if the contributor didn't
> sign it.
+1. It's pretty much a non-issue (unless you believe that DKIM is
magic fairy dust that will prevent all "fraudulent use of your brand").
It'd be nice if mailing lists didn't go out of their way to delete or
invalidate existing signatures, but if they happen to invalidate the
signature inbound it doesn't really break anything any sensible recipient
will be relying on, especially if the list signs all the mail it emits.
(I'd be much more concerned if the same issues cropped up with
end-user forwarding services, like acm.org, but they seem much
less likely to invalidate signatures than discussion lists.)
More information about the ietf-dkim