On January 18, 2006 at 10:20, Douglas Otis wrote: > Modifying the message is already a common practice by list-servers > and resigning a modified message may not overcome restrictions > imposed by a From email-address policy.
I wonder if there are any legal ramification of modifying messages. It is common for list software to modify messages, but one could consider this a violation of copyright law. If DKIM gets deployed, legal ramifcations may become more probable. > In the dkim-options draft, rather than restricting an email-address, > the goal was to identify unique sources and highlight recognized > correspondents. This included the ability to assert a signing role > such as mediator, as in the case of a list-server. Adding a signing > role avoids difficulties in classifying the nature of the source and > may squelch conflict notifications. Would specifying which field a signature is asserting a role against be sufficient? For example, an originating domain may assert against the originating header fields From, Sender, and/or Reply-To. A mailing list could assert against the List-ID and possibly any other List-* header fields. Note, this does not preclude a signer from including any header field in the signature. The role assertion only designates which header fields it is applying a role to. This way, a mailing list can add a signature w/o interfering with any SSP of an originator. Taking the way SSP is defined now, it only needs to be examined wrt the From field if a signature asserts a role against it. I.e. Assertions against a known originating field (as defined in RFC-2822) warrant an SSP check. This will allow domains to apply DKIM signatures on messages without worrying if the domain associated with the originating address disallows third-party signatures since such signatures contain no assertion against an originating header field. Note, this does not address your [Doug] overall concerns about SSP, but only the security problems of allowing third-party signatures as SSP is currently defined. --ewh _______________________________________________ ietf-dkim mailing list http://dkim.org
