[ietf-dkim] Mailing lists and signatures
John R. Levine
johnl at iecc.com
Fri Aug 20 20:27:05 PDT 2010
We've had a lot of arguments about the importance of verifying the
identity of contributors to mailing lists. If you think that's important,
take a look at this message.
Even though Mailman has added a subject line tag and a message footer, the
S/MIME signature still verifies, and your MUA should show a green star or
whatever, at least once you've told it to import my S/MIME cert. Mailman
automagically wrapped the multipart/signed in multipart/mixed. And the
signing cert has both my full e-mail address and my True Name.
So I suggest we update the DKIM MLM draft to take out all the stuff about
signatures surviving lists, and just say that if it's important for your
signature to survive, S/MIME already does that, with a suitable pointer.
More information about the ietf-dkim