[ietf-dkim] Clarifying DKIM (etc.) expectations for mailing lists in the face of digests
dhc at dcrocker.net
Wed Aug 4 14:52:00 PDT 2010
On 8/4/2010 2:44 PM, Rolf E. Sonneveld wrote:
>> Phrased differently, the question I am asking is:
>> A mailing list digest does not preserve DKIM signatures from (any of) the
>> original messages, and this appears to be acceptable to the community.
> Are you sure it is acceptable to everyone, or does the community take it as it
That's a fair question, and frankly I doubt much of the community is even aware
of the issue. So really I'm making an assumption.
Given that it is impossible to preserve the signature, when the message is
embedded in another message, I'd be inclined to say that we need to see evidence
from the community that that's not acceptable.
> I agree with you that there should be no difference regarding the treatment
> of the original DKIM signature, whether the message arrives in digest form or
> not. I'm still not convinced that the original DKIM signature is not relevant
> for the verifier of the message at the receiver side.
If they cannot verify the signature and the specification says to treat
unverified signature the same as having no signature, then anything else the
receiver chooses to do is outside of the specification.
> The tension that there is between the MLM being a User Actor and being a
> Mediator is illustrated with the following text you wrote in RFC5598:
I don't understand what you mean by "tension". A Mediator is a type of User
Actor. It is not a Relay.
>> RFC5322 <http://tools.ietf.org/html/rfc5322>.Reply-To: Set by - Mediator or original Author
>> Although problematic, it is common for a Mailing List to assign
>> its own addresses to the Reply-To: header field of messages
>> that it posts. This assignment is intended to ensure that
>> replies go to all list members, rather than to only the
>> original Author. As a User Actor, a Mailing List is the Author
>> of the new message and can legitimately set the Reply-To:
>> value. As a Mediator attempting to represent the message on
>> behalf of its original Author, creating or modifying a
>> Reply-To: field can be viewed as violating that Author's
> If we look at the MLM as being a User Actor, then I agree that we should not
> care about the original DKIM signature. If however we consider the MLM as a
> Mediator, we should probably care about the original DKIM signature.
> Is there consensus that in the context of an MLM the original DKIM signature can
> be dropped and we should not care about it?
More information about the ietf-dkim