Wietse Venema wrote:
> Jim Fenton:
>
>> Thanks for the summary, Stephen.
>>
>> Stephen Farrell wrote:
>>
>>> - There are arguments that supporting both original and
>>> mail-list signatures would be useful, but there are
>>> also difficulties with this in particular adding the
>>> mail-list signature will often break the original
>>> signature. (If the mail-list signature only covers
>>> the content and certain headers like List-Id then
>>> this might work better).
>>>
>> I didn't find the original mention of this, but I'm not clear on why
>> adding a mail-list signature would break the original. It's just an
>> additional header field, and unless the original signature was
>> constructed to prevent that (by including DKIM-Signature in the h=
>> headers) there shouldn't be a problem. What might break the original
>> signatures is the modifications to the message that necessitated the
>> mail-list signature.
>>
>
> When the list server's DKIM signature covers a FROM: header with
> an address in some unrelated domain, would not this be considered
> a third-party signature? This would be avoided by having the list
> sign only the headers that identify the list.
>

When a recipient looks at a message, they see (typically) the From: address. If there is a signature corresponding to this address, the message has an Originating Address signature. If there isn't, but there is some other valid signature on the message, it has a third-party signature. It's the correspondence (or lack thereof) between the signature address and the origin address that the user typically sees that determines whether it's a third-party signature.

Signing the From: header is currently required, but suppose it weren't: It would still be significant whether or not the signature represented the From address, and that would determine whether it was a third-party signature or not.

-Jim

_______________________________________________
ietf-dkim mailing list
http://dkim.org
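The distinction drawn in the reply above, as an added Python example that is not part of the original message: each signature is labelled by whether its signing address matches the From: address, independently of whether From: appears in its h= list. The function names, the sample message, the exact domain match, and the use of i= with a fallback to d= as the "signature address" are assumptions of this example, and signatures are assumed to have been verified elsewhere.

```python
import email
from email.utils import parseaddr

# Constructed sample: an author signature plus a list signature that covers
# only list-identifying headers. The b=/bh= values are placeholders, not real.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; d=lists.example.org; s=list;
 h=List-Id:Sender; bh=PLACEHOLDER; b=PLACEHOLDER
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=mail;
 i=@example.com; h=From:To:Subject:Date; bh=PLACEHOLDER; b=PLACEHOLDER
From: Alice <alice@example.com>
To: discuss@lists.example.org
List-Id: <discuss.lists.example.org>
Subject: test

body
"""

def parse_tags(value):
    """Split a DKIM-Signature tag list (tag=value; ...) into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def classify_signatures(raw):
    """Label each signature by whether its address matches the From: address.

    Assumes every signature has already been verified as valid elsewhere.
    """
    msg = email.message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    results = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(value)
        # Signature address: i= if present, otherwise the d= domain (assumption).
        identity = tags.get("i", "@" + tags.get("d", ""))
        sig_domain = identity.rpartition("@")[2].lower()
        signed = [h.lower() for h in tags.get("h", "").split(":") if h]
        kind = "originating" if sig_domain and sig_domain == from_domain else "third-party"
        results.append((tags.get("d", ""), kind, "from" in signed))
    return results

if __name__ == "__main__":
    for domain, kind, covers_from in classify_signatures(SAMPLE):
        print(f"d={domain}: {kind} signature, signs From: {covers_from}")
```

The list signature is labelled third-party whether or not From: is in its h= list, because the label depends only on the signing address.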
