On Fri, Jan 20, 2006 at 05:44:25AM +0100, Eliot Lear allegedly wrote: > > Sender beware. If it were to become common practice to overlay or > > remove the DKIM signature upon delivery... > The ONLY time one removes a signature is when one breaks it.
Eliot I agree with all of what you say, particularly the philosophy of keeping list participation cheap and simple. On the matter of breaking signatures, I think that mantra #1 is that a broken sig is the exact equivalent of no sig therefore we need not impose the task of sig removal on any party. Given mantra #1, I think we can give Lists very simple guidance: o preferably use DKIM to verify submissions o add List-ID - as all good Lists are doing now o DKIM sign the content so as to include List-ID Verifiers should first process the "outer" signature of the List and assuming that verifies, take the List delivery path. Additionally a verifier might wish to attempt verification of the "inner" signature, and if that verifies they may be able to add some value. For the services I'm involved with, I would not do this step, but I understand that others find this of value. Rather, I would manage knowledge of which List-IDs the recipient has subscribed to and regardless of anything else, email with a List-ID would be delivered to a "List" Folder in the absence of more specific instructions. The point about all this is that the List does not involve itself in the matter of the original author and the final receiver. If the original author sig happens to survive then the final receiver can add value if they choose to - but it's not a matter for the List to consider one way or the other. In short, Lists can be lazy and I'm guessing they'll like that. This also happens to be what a lot of Lists will do today with no changes in code. Some have talked about a List verifying the submission and adding a header that claims they made the DKIM verification. This delegated trust approach bothers me and seems contrary to the fundamental concept that a final receiver can determine all authentication matters independent of intervening parties. I call this mantra #2 - trust no one but yourself. All of which delves into the contentious issue of multiple valid signatures - on that note, I'll abstain for now apart to suggest that valid multiples only seem to make sense when viewed as a hierarchy. Mark. _______________________________________________ ietf-dkim mailing list http://dkim.org
