Couple of points:

1) I never proposed certificates as a substitute for domain
authenticated keys. I suggested certificates as a means of providing an
auxilliary level of assurance.

2) If you have a mailing list that signs mails and you have a reliable
method of knowing the order of signing (such as the signature count I
proposed) the processing steps are simple:

  * Look at the last signature created first
  * If the signature claims to be from a mailing list that we have not
subscribed to then junk it.
  * If the signature validates and the mailing list reputation is
sufficient accept
  * Otherwise look at the next latest signature.


> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Eliot Lear
> Sent: Thursday, January 19, 2006 11:44 PM
> To: Douglas Otis
> Cc: Aumont - Comite Reseaux des Universites; [email protected]
> Subject: Re: [ietf-dkim] Re: DKIM and mailing lists
> 
> Doug,
> > Most lists confirm the email-address by mailing back a link 
> to verify 
> > that the participant indeed receives email at that 
> email-address and 
> > wishes to subscribe to the list, a double op-in.  Will 
> participants on 
> > a list need to have their own certificate?  You seem to be 
> validating 
> > Phillip's concept of using trusted certificates rather than DKIM's 
> > self issued public keys.
> That's not really where I was going.  What I more envision is 
> that a mailing list will have its own reputation that will 
> match the LCD of the list, just as you say, but that the way 
> to protect against that is for lists to be at least a little 
> picky about who they allow on.  After all, we've said that 
> dkim is just a part of the solution, and we've indicated that 
> reputation systems are important (albeit out of scope for 
> this group), so why not let them address this problem as well?
> 
> > Sender beware.  If it were to become common practice to overlay or 
> > remove the DKIM signature upon delivery...
> The ONLY time one removes a signature is when one breaks it.
> 
> Eliot
> _______________________________________________
> ietf-dkim mailing list
> http://dkim.org
> 
> 

_______________________________________________
ietf-dkim mailing list
http://dkim.org

Reply via email to