On Apr 23, 2010, at 6:28 PM, Murray S. Kucherawy wrote: > Something like: X sends to a list at Y that then relays to Z; Z trusts Y to > implement DKIM and Authentication-Results and all that properly, so Z > believes Y when it says "X had a signature on here that verified" even if X's > signature on arrival at Z is either invalid or absent.
That's interesting. Let's make this concrete... I'll use myself as an example. X = me/PayPal.com Y = this list/[email protected] Z = Google's Gmail service [1] It is my assumption that someone subscribed to this list has a gmail.com account (or a Yahoo.com account [2]). Therefore, my use case is simple. I would hope that those of you reading this from your Gmail or Yahoo! accounts actually receive this message. If Z breaks the signature, you won't see this. So if it simply isn't practical to expect lists to maintain the signature, then offering the option for the list to validate the signature coming from X and send a new signature to Z that Z *can* (but doesn't have to) "trust", is something immediately useful. Murray, is this what you discussed supporting in IETF #77? If yes, what's the status? -- Brett [1] https://www.thepaypalblog.com/2008/07/google-joins-th/ [2] https://www.thepaypalblog.com/2007/10/yahoo-paypal-an/ _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
