On Mon, Jan 23, 2006 at 02:30:55PM -0500, Wietse Venema allegedly wrote:
> When the list server's DKIM signature covers a FROM: header with
> an address in some unrelated domain, would not this be considered
> a third-party signature?

It could be. It's certainly something concrete that a verifier can act on. We merely need to describe the desired actions.

> This would be avoided by having the list sign only the headers that
> identify the list.

That presents the same sort of risks that -l does. I would much prefer the list sign the whole content and the spec define the verifier semantics when a 3rd party signature is seen with, e.g., a List-ID covered by the second signature. If well defined, those semantics should be able to achieve the functional effect of your suggestion without the risk of sending unsigned material.

Mark.
_______________________________________________
ietf-dkim mailing list
http://dkim.org
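
An added example, not part of the original message or of any DKIM specification: a Python classifier that extracts, per signature, the facts the exchange above turns on (signing domain versus From: domain, whether List-ID is among the signed headers, and whether a body length limit is present). Assumptions: "-l" is read as the `l=` tag, "third party" means the `d=` domain is not exactly the From: domain, the function names are hypothetical, the sample message is constructed, and no cryptographic verification is performed.

```python
import email
from email.utils import parseaddr

# Constructed sample: the author signs as example.org, the list re-signs as lists.example.net.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=lists.example.net; s=list;\r\n"
    " h=from:to:subject:list-id; bh=AAAA; b=BBBB\r\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=mail; l=120;\r\n"
    " h=from:to:subject; bh=CCCC; b=DDDD\r\n"
    "From: Alice <alice@example.org>\r\n"
    "To: discuss@lists.example.net\r\n"
    "List-ID: <discuss.lists.example.net>\r\n"
    "Subject: hello\r\n"
    "\r\n"
    "body\r\n"
)

def parse_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip().lower()] = "".join(val.split())  # drop folding whitespace
    return tags

def classify_signatures(raw):
    """Describe each signature's relation to From:; signatures are not verified here."""
    msg = email.message_from_string(raw)
    author = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    results = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(value)
        signed = [h.strip().lower() for h in tags.get("h", "").split(":")]
        d = tags.get("d", "").lower()
        results.append({
            "d": d,
            "third_party": d != author,          # exact match only (assumption)
            "covers_from": "from" in signed,
            "covers_list_id": "list-id" in signed,
            "partial_body": "l" in tags,         # l= leaves appended content unsigned
        })
    return results
```
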
