[ietf-dkim] Mailing lists and signatures

[Hector Santos]

John R. Levine wrote:
> We've had a lot of arguments about the importance of verifying the 
> identity of contributors to mailing lists.  If you think that's important, 
> take a look at this message.
> 
> Even though Mailman has added a subject line tag and a message footer, the 
> S/MIME signature still verifies, and your MUA should show a green star or 
> whatever, at least once you've told it to import my S/MIME cert.  Mailman 
> automagically wrapped the multipart/signed in multipart/mixed.  And the 
> signing cert has both my full e-mail address and my True Name.

Sorry John, I don't see any "green star" or any other form of 
certified mail indication in Thunderbird our Outlook. There is also no 
5322 based S/MIME parts in the source message.  Any evidence of that 
expectation by you has been stripped and cleaned at the scene of the 
crime.

> 
> So I suggest we update the DKIM MLM draft to take out all the stuff about 
> signatures surviving lists, and just say that if it's important for your 
> signature to survive, S/MIME already does that, with a suitable pointer.

+1 for removal of any suggestions that broken ADSP protected 
signatures can be restored without conflict.

-1 for adding any reference to S/MIME.  I don't think it is a good 
idea to further complicate this by adding another unnecessary protocol 
interface engineering requirement.

What is ironic is that this message of your 100% exemplifies all the 
concerns and also benefits POLICY proponents have been advocating.

You had an expectation for mail operations, a POLICY regarding S/MIME 
expectations, yet that expectation failed.

Allow people to expose that expectation using standard methods, and 
"receivers" will begin to honor it.

-- 
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com