Aumont - Comite Reseaux des Universites wrote: > The problem is that mailing list are not described by any RFC. That's > one of the reasons why so many mailing list manager exists and your > are right, many mailing list software will not deal DKIM-Signature > according to DKIM RFC specification. As someone pointed out earlier, there are two kinds of mailing lists: those that modify the message and those that don't. By "modify" here I mean any changes to the body and to any of the signed headers. Adding additional headers isn't considered a "modification" in this context (unless the signature is constructed to prevent the header from being added).
Here's how I think it should work: Lists that don't modify the message MAY re-sign it. They SHOULD NOT remove the original signature, because its validity has not been affected and it provides useful information. Verifiers MAY consider the original signature or the list signature (subject to Sender Signing Practices) in deciding what to do with the message. Lists that do modify the message SHOULD re-sign it. They MAY remove the original signature, because it is probably invalid anyway. Verifiers MAY consider the list signature in the handling of the message. I believe that signatures from lists (and other third-parties) will be more dependent on reputation and accreditation (and local white lists and black lists). This is because third-party signatures allow messages to be signed by anyone, not just the originator's domain, so it's more important to have some information indicating that the third party is reliable. Domains that host many reliable lists, like ietf.org, imc.org, mipassoc.org, yahoogroups.com, etc. as well as those that operate other third-party signing applications (evite.com, nytimes.com, ...) will generally be whitelisted. But it will be very easy for attackers to apply third-party signatures from throwaway domains so domains with little reputation will have difficulty getting their third party signatures accepted. This isn't a characteristic of DKIM, but is a characteristic of how I expect it will be used in a few years. Lists MAY decide to sign a header indicating whether the message they received was signed. I'm not entirely sure how that would be used, however. As is currently the case, lists can use whatever criteria they want to decide whether to propagate an incoming message: whether the >From address corresponds to an address on the list, for example. Likewise, I can imagine that some lists might eventually require DKIM signatures in order to propagate messages (or bypass moderation); it's entirely up to them. I have a little trouble imagining that they might sign some messages and not others: why would they propagate a message at all when they don't have enough confidence to sign it? -Jim _______________________________________________ ietf-dkim mailing list http://dkim.org
