--On 18 May 2010 14:55:14 +0200 Alessandro Vesely <[email protected]> wrote:
> On 18/May/10 07:08, John Levine wrote: >>>> A DKIM-aware resending MLM is encouraged to sign the entire >>>> message as it arrived, especially including the original >>>> signatures. >>> >>> Would I as an MLM want to resign a message that I received that itself >>> was not signed? Do I want to confer more authority to that message than >>> is warranted? >> >> Yes, of course. The signature means that this message really truly >> came from the mailing list, as opposed to being a random piece of spam >> that happened to resemble list mail. > > +1. However, may I ask how does the verifier know which signature is > the one that belongs to the list? I can think of > > * look at the MAIL FROM domain, à la SPF (breaks forwarding), > * have the list's domain in a white list (requires maintenance), > * use some of the "List-*" fields (which one?) It'll be the one that's not broken, I presume. If there's more than one unbroken signature, I guess the signing domain might want to match the list-id header. > Apparently, section 5.4 doesn't cover this point. > _______________________________________________ > NOTE WELL: This list operates according to > http://mipassoc.org/dkim/ietf-list-rules.html -- Ian Eiloart IT Services, University of Sussex 01273-873148 x3148 For new support requests, see http://www.sussex.ac.uk/its/help/ _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
