Just on 3rd party signing and mainly for my own benefit (and hopefully yours) I see a few cases I'll try to describe.
1) I send an email to a mailing list, I first party dkim sign the email Considering mailman behavior, what does it do with this email? -It could resend it as is, adding a third party signature, but usually mailman will modify the subject adding [list topic] to the subject and also adding a footer or header, therefore breaking the 1st party signature. So mailman should not modify subject nor add headers/footers in the message -It could change the from, remove the first party signature, and apply its own signature either as first party or third party, but then we would not know who sent the original email unless we move the original from: to the Sender: header. In this case mailman can change the subject and add headers footers. 2) I have a web app that sends emails with multiple identities. The web app could do a third party signing, but with each identity may require to have a dkim key to be able to do first party signing. Did I miss some cases? It seems to me, that in all cases, third party signing cannot exists on its own without valid first party signing? _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
