Hi John, I think I generally agree with the overall conclusion that expecting signatures to verify after list processing isn't worth the effort, but I'm not sure your logic below is sound...
On 09/08/10 18:45, John Levine wrote: > In article <[email protected]> you write: >> However, if there's a need to trust the original sender, and you don't >> quite trust the list to get that right for you, ... > > It appears that we can discard this concern as counterfactual. I > asked how people sort their list mail, and here's what I found: > > From: address 0.5 (Steve said he sorts on both from and list) > > List ID or similar: 8.5 > > To: or Cc:. 3 (approximation to sorting by list name) > > rcpt-to address: 1 (unique address per list, I gather) > > The overwhelming majority sort list mail by the identity of the list, > not by anything else. The one person who sometimes sorts by From: > said that verifying the address wasn't an issue. > > Unless people can offer real life examples of situations where they > remotely verify the identity of list contributors beyond using the > name or address on the From: line, I hope we can put this meme of > preserving incoming DKIM signatures to bed permanently. You're assuming that how end-users sort list messages is the same as how DKIM verifiers might operate on list messages. Is that a good assumption? Or do you mean something else when you say "sort"? (Just asking, and not as chair or anything:-) S. > > I realize there's all sorts of hypothetical situations one might > imagine, but since we have over three decades of actual list practice, > it seems unlikly that any important model of list usage isn't already > in use somewhere now. > > R's, > John > > _______________________________________________ > NOTE WELL: This list operates according to > http://mipassoc.org/dkim/ietf-list-rules.html > _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
