On 4/23/2010 6:50 AM, MH Michael Hammer (5304) wrote: > If John is making some assertion of responsibility for his message by > signing, what is the limit of his responsibility as the message flows through > the ecosystem? Where is the RFC that says his signature should be stripped?
Most importantly, where is the specification that says a DKIM signature overrides The MailFrom address? > If the list stripped his signature and someone modified what he wrote is this > a failure of DKIM or is it something else? What are we collectively (and > individually) trying to achieve if we are signing the body and not just the > headers? If a list already knows it should strip DKIM signatures, isn't also likely that the list will be able to sign? We have no empirical data that the presence of a list signature AND an author signature will produce the wrong results (for some definition of wrong.) > When the person hit the "this is SPAM" button were they referring to John's > message or were they referring to mail from the list? How do we know? good questions. > If there were more than one valid signature on the message where would Yahoo > send the report? We should ask Yahoo. > Where should Yahoo send the report? Yup. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
