[ietf-dkim] Mailing lists and signatures
hsantos at isdg.net
Sat Aug 21 07:51:04 PDT 2010
John R. Levine wrote:
> We've had a lot of arguments about the importance of verifying the
> identity of contributors to mailing lists. If you think that's important,
> take a look at this message.
> Even though Mailman has added a subject line tag and a message footer, the
> S/MIME signature still verifies, and your MUA should show a green star or
> whatever, at least once you've told it to import my S/MIME cert. Mailman
> automagically wrapped the multipart/signed in multipart/mixed. And the
> signing cert has both my full e-mail address and my True Name.
Sorry John, I don't see any "green star" or any other form of
certified mail indication in Thunderbird our Outlook. There is also no
5322 based S/MIME parts in the source message. Any evidence of that
expectation by you has been stripped and cleaned at the scene of the
> So I suggest we update the DKIM MLM draft to take out all the stuff about
> signatures surviving lists, and just say that if it's important for your
> signature to survive, S/MIME already does that, with a suitable pointer.
+1 for removal of any suggestions that broken ADSP protected
signatures can be restored without conflict.
-1 for adding any reference to S/MIME. I don't think it is a good
idea to further complicate this by adding another unnecessary protocol
interface engineering requirement.
What is ironic is that this message of your 100% exemplifies all the
concerns and also benefits POLICY proponents have been advocating.
You had an expectation for mail operations, a POLICY regarding S/MIME
expectations, yet that expectation failed.
Allow people to expose that expectation using standard methods, and
"receivers" will begin to honor it.
Hector Santos, CTO
More information about the ietf-dkim