[ietf-dkim] Straw poll results
stephen.farrell at cs.tcd.ie
Mon Aug 9 11:25:12 PDT 2010
I think I generally agree with the overall conclusion that expecting
signatures to verify after list processing isn't worth the effort,
but I'm not sure your logic below is sound...
On 09/08/10 18:45, John Levine wrote:
> In article <548B10A3A5FCF3025A4B5508 at lewes.staff.uscs.susx.ac.uk> you write:
>> However, if there's a need to trust the original sender, and you don't
>> quite trust the list to get that right for you, ...
> It appears that we can discard this concern as counterfactual. I
> asked how people sort their list mail, and here's what I found:
> From: address 0.5 (Steve said he sorts on both from and list)
> List ID or similar: 8.5
> To: or Cc:. 3 (approximation to sorting by list name)
> rcpt-to address: 1 (unique address per list, I gather)
> The overwhelming majority sort list mail by the identity of the list,
> not by anything else. The one person who sometimes sorts by From:
> said that verifying the address wasn't an issue.
> Unless people can offer real life examples of situations where they
> remotely verify the identity of list contributors beyond using the
> name or address on the From: line, I hope we can put this meme of
> preserving incoming DKIM signatures to bed permanently.
You're assuming that how end-users sort list messages is the same
as how DKIM verifiers might operate on list messages. Is that a
good assumption? Or do you mean something else when you say
(Just asking, and not as chair or anything:-)
> I realize there's all sorts of hypothetical situations one might
> imagine, but since we have over three decades of actual list practice,
> it seems unlikly that any important model of list usage isn't already
> in use somewhere now.
> NOTE WELL: This list operates according to
More information about the ietf-dkim