Mr. Aumont,

I think deployment of DKIM require a good support of DKIM by some of the major mailing list software. I am one of the author of Sympa mailing list software and I feel concerned by this.  What a mailing list manager must do with DKIM ?

>From my understanding, the minimum is to preserve existing DKIM-Signature: header and not modify the message in a way that will alter the signature.  For this issue, existing specification are quite clear (the difficulties are only related to headers that must be preserved where most availible libraries to modify message headers  don't garanty headers  lenght line and headers order).

My memory matches that of Stephen's that this was an issue raised in the BoF, and that there was at least a tacit understanding that the matter would be addressed by the working group.  I think there is already some guidance in the base draft.

Thus far discussions seem to conclude along the following lines:
  • If a mailing list manager is going to mangle a message that was signed it SHOULD resign it.  This has all the UI problems that Doug mentioned in his message.
  • The original spec had a length attribute just so that the text of a message could be preserved while some sort of mailing list blurb could be added.  This is not a perfect solution.  For one, if a mailing list manager is too smart and attempts to modify multipart/alternative components, the game is lost because you have to delve deep into the message to do that.  Fortunately I don't know of mailing list software that does this.  Some guidance here would be useful.
  • Some guidance will need to be given about protection of the "Subject:", "Sender:", and any other headers that are protected.  This goes beyond mailing list maintainers.  If the signing domain protects either, then the mailing list system should be reticent to make changes.  But should the signing domain sign these things in the first place?
Eliot
_______________________________________________
ietf-dkim mailing list
http://dkim.org

Reply via email to