[ietf-dkim] Revision to draft-ietf-dkim-mailinglists posted
Murray S. Kucherawy
msk at cloudmark.com
Mon Apr 25 15:28:36 PDT 2011
I don't so much view DKIM as protecting content; rather, my current view of its semantics aligns with the whole "taking some responsibility for" approach. In essence, when an agent conducts verification, it is presenting the hashed content to the signer and asking, "Did you take some responsibility for this?" A successful verification is an implicit "yes". And thus, a signer should only sign those parts of the header and body for which it wants to accept responsibility. Most of the time that should be most or all of the message, but there might be a point at which an intermediary or relay doesn't want to do that, but rather just wants to sign the parts it added or changed (as much as it's possible to do so).
In the MLM's case, the entire body plus any fields it added or changed seems like the appropriate content over which to make some assertion of responsibility.
More information about the ietf-dkim