[ietf-dkim] dkim-lists draft (was Re: Why mailing lists should strip DKIM signatures)
chl at clerew.man.ac.uk
Tue Jun 1 12:53:26 PDT 2010
On Tue, 01 Jun 2010 08:59:41 +0100, Murray S. Kucherawy
<msk at cloudmark.com> wrote:
> Please, folks, change the Subject: field for the ADSP-specific part of
> this discussion.
OK, that old thread had gotten very ragged.
Unfortunately, I got around to reading your draft only recently, so I seem
to have missed your deadline :-( .
My main comment is in relation to whether the old, failing, DKIM signature
should be removed or not. You gave an example of where it was removed, but
none where it was retained, and no real arguments pro or con either.
So here is my case for why it should be retained. (I think we agree that
if the list has not actually broken the original signature, then it is
best left even if the MLM provides an additional one).
Suppose the MLM changes the signature so as to break the Old signature,
and provides an A-R header to say it was OK as received, and provides a
New signature including the A-R. That much seems agreed as Good Practice.
Now suppose he leaves the Old signature intact. Will subsequent agents be
confused? Not if they follow the standards, because an unverifiable
signature is SUPPOSED to be treated the same as an absent signature (which
is the other possibility under consideration). So, on that basis, any
compliant verification agent SHOULD act the same whether it sees a broken
Old Signature or no Old signature at all (i.e. it should discard in both
cases, or else try to make sense of the New signature, plus any List-*
headers that may be around).
1. So the only downside of leaving the Old signature should be where an
over-eager verifier tries to be clever and to treat failed signatures
differently from absent ones - and for sure there will be such
non-compliant verifiers around whether we like it or not.
2. OTOH, there is an upside in leaving the Old signature, insofar as it may
help diagnose what has been going wrong (or whatever). Moreover some smart
verifier that really wanted to be helpful to its list readers (most likely
one attached to the recipient's MUA) might even try to reverse engineer
the changes made by the MLM, and recheck the signature (which, for a
particular list recognized by the recipient or his MUA might actually be
So we have to balance the problems introduced by would-be-smart verifiers
that were non-standard compliant against other would-be-smart verifiers
that might be able to use it. It is not obvious to me which way that
balance goes, except to observe that it is usually NOT a good idea to
destroy information that might be useful to someone.
Having said all that, I have a new proposal to solve this problem, which
is that MLMs should actually change the From header. I think this has
possibilities, but I have not had time to work out the details yet, so
please Watch This Space!
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
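
[Added example, not part of the original message or of any draft.] The sketch below shows the "failed is the same as absent" rule the message relies on: a compliant evaluation yields the same result whether the MLM keeps or strips the broken Old signature, while a verifier that counts failures sees a difference. The domains, selectors and the per-signature outcome table are constructed; real verification would need the signers' public keys from DNS.

```python
from email import message_from_string

def sig_tags(value):
    """Split a DKIM-Signature tag=value list into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = "".join(val.split())
    return tags

def signatures(msg, outcomes):
    """Yield (d= domain, outcome) for every DKIM-Signature header.
    A signature with no recorded outcome is unverifiable, so it counts as failed."""
    for value in msg.get_all("DKIM-Signature", []):
        tags = sig_tags(value)
        yield tags.get("d"), outcomes.get((tags.get("d"), tags.get("s")), "fail")

def verified_domains(msg, outcomes):
    """Compliant view: a failed signature contributes nothing, as if absent."""
    return {d for d, result in signatures(msg, outcomes) if result == "pass"}

def failed_count(msg, outcomes):
    """What an over-eager verifier would key on: failed signatures present."""
    return sum(1 for _, result in signatures(msg, outcomes) if result == "fail")

# Constructed sample headers; bh= and b= values are placeholders, not real data.
OLD_SIG = ("DKIM-Signature: v=1; a=rsa-sha256; d=author.example; s=sel1;\n"
           " h=from:subject; bh=constructed; b=constructed\n")
NEW_SIG = ("DKIM-Signature: v=1; a=rsa-sha256; d=list.example; s=mlm;\n"
           " h=from:subject:authentication-results; bh=constructed; b=constructed\n")
REST = ("Authentication-Results: list.example; dkim=pass header.d=author.example\n"
        "From: someone@author.example\n"
        "Subject: [list] hello\n"
        "\n"
        "body text\n-- \nfooter added by the list\n")

KEPT = message_from_string(NEW_SIG + OLD_SIG + REST)      # Old signature retained
STRIPPED = message_from_string(NEW_SIG + REST)            # Old signature removed

# Constructed outcomes: the list's footer broke the author's signature.
OUTCOMES = {("author.example", "sel1"): "fail", ("list.example", "mlm"): "pass"}

if __name__ == "__main__":
    for label, msg in (("kept", KEPT), ("stripped", STRIPPED)):
        print(label, verified_domains(msg, OUTCOMES), failed_count(msg, OUTCOMES))
```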