>3. If it decides that it should pass, the mailing list should LEAVE the >existing signature (that part is not universally agreed on, of course,
Since the signature won't verify any more, I don't see the point. There have been some proposals to standardize a header that a verifier could add to say that it found a good signature, and the outgoing signer could sign that, but I'm not sure that's any more useful in practice. How much list mail do you get where there's a question about whether the nominal sender really sent a message? Again, in my experience it's rare enough that we are reduced to citing individual spoofed messages. >The mailing list may, of course, choose to re-sign the message even if >it does not mangle it, which is all the more reason to leave the >original (still-valid) signature there. If the list happens to do little enough to the messages that the signature still passes, that's fine. I just want to make sure that surviving lists is a non-goal, because it's a hopeless swamp. R's, John _______________________________________________ ietf-dkim mailing list http://dkim.org
