[ietf-dkim] Straw poll results

[Stephen Farrell]

Hi John,

I think I generally agree with the overall conclusion that expecting
signatures to verify after list processing isn't worth the effort,
but I'm not sure your logic below is sound...

On 09/08/10 18:45, John Levine wrote:
> In article <548B10A3A5FCF3025A4B5508 at lewes.staff.uscs.susx.ac.uk> you write:
>> However, if there's a need to trust the original sender, and you don't 
>> quite trust the list to get that right for you, ...
> 
> It appears that we can discard this concern as counterfactual.  I
> asked how people sort their list mail, and here's what I found:
> 
>   From: address       0.5  (Steve said he sorts on both from and list)
> 
>   List ID or similar: 8.5
> 
>   To: or Cc:.         3 (approximation to sorting by list name)
> 
>   rcpt-to address:    1 (unique address per list, I gather)
> 
> The overwhelming majority sort list mail by the identity of the list,
> not by anything else.  The one person who sometimes sorts by From:
> said that verifying the address wasn't an issue.
> 
> Unless people can offer real life examples of situations where they
> remotely verify the identity of list contributors beyond using the
> name or address on the From: line, I hope we can put this meme of
> preserving incoming DKIM signatures to bed permanently.

You're assuming that how end-users sort list messages is the same
as how DKIM verifiers might operate on list messages. Is that a
good assumption? Or do you mean something else when you say
"sort"?

(Just asking, and not as chair or anything:-)

S.

> 
> I realize there's all sorts of hypothetical situations one might
> imagine, but since we have over three decades of actual list practice,
> it seems unlikly that any important model of list usage isn't already
> in use somewhere now.
> 
> R's,
> John
> 
> _______________________________________________
> NOTE WELL: This list operates according to 
> http://mipassoc.org/dkim/ietf-list-rules.html
>