>> A) the mailing list server adds a signature i= (signer) and "From:" are >> different. The signature may be invalid if the sender SSP does not allow >> third party signature. > >That's a good argument why the Lists's signature should not cover >the FROM: etc. headers with the poster's address, but be limited >to the message headers that identify the List itself.
Seems to me that it tells us that list software shouldn't forward messages from domains that use SSP to say no third party signatures. There are all sorts of techniques that people use to validate mail sent to mailing lists, from passwords in the message to challenges back to the sender to manual moderators who know the writing styles of their contributors. If the sender's been validated, why shouldn't the list software sign the while message? Thinking about the situations where domains would be likely to use SSP to say no third-party signatures, it's hard to imagine one where they'd want their mail to be forwarded through a mailing list. If mail through a list fails with that SSP setting, it's probably a feature. This scenario also may be a hint that the current model of SSP won't be very useful, but I don't think we'll know until we try it. R's, John _______________________________________________ ietf-dkim mailing list http://dkim.org
