Couple of points: 1) I never proposed certificates as a substitute for domain authenticated keys. I suggested certificates as a means of providing an auxilliary level of assurance.
2) If you have a mailing list that signs mails and you have a reliable method of knowing the order of signing (such as the signature count I proposed) the processing steps are simple: * Look at the last signature created first * If the signature claims to be from a mailing list that we have not subscribed to then junk it. * If the signature validates and the mailing list reputation is sufficient accept * Otherwise look at the next latest signature. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Eliot Lear > Sent: Thursday, January 19, 2006 11:44 PM > To: Douglas Otis > Cc: Aumont - Comite Reseaux des Universites; [email protected] > Subject: Re: [ietf-dkim] Re: DKIM and mailing lists > > Doug, > > Most lists confirm the email-address by mailing back a link > to verify > > that the participant indeed receives email at that > email-address and > > wishes to subscribe to the list, a double op-in. Will > participants on > > a list need to have their own certificate? You seem to be > validating > > Phillip's concept of using trusted certificates rather than DKIM's > > self issued public keys. > That's not really where I was going. What I more envision is > that a mailing list will have its own reputation that will > match the LCD of the list, just as you say, but that the way > to protect against that is for lists to be at least a little > picky about who they allow on. After all, we've said that > dkim is just a part of the solution, and we've indicated that > reputation systems are important (albeit out of scope for > this group), so why not let them address this problem as well? > > > Sender beware. If it were to become common practice to overlay or > > remove the DKIM signature upon delivery... > The ONLY time one removes a signature is when one breaks it. > > Eliot > _______________________________________________ > ietf-dkim mailing list > http://dkim.org > > _______________________________________________ ietf-dkim mailing list http://dkim.org
