Steve Atkins wrote: > On Aug 9, 2010, at 4:31 PM, Scott Kitterman wrote: >> On Monday, August 09, 2010 06:52:04 pm Steve Atkins wrote: >>> One implication of that is that if you're planning to do something with >>> email that will break if there's a MLM involved, it's broken[1]. >>> >>> [1] We could call this "The SRS lemma". >> Yes. It's very similar.
However, it's wrong. As a counterexample, S/MIME or PGP encryption will break if there's a MLM involved, but they're not broken. >> One needs to decide what factors one cares about the most. I said a few >> threads ago that I don't think there is a completely satisfactory solution. >> I >> think the possibilities are roughly: >> >> 1. Fix lists so that signatures survive. This has to be plan A. >> 2. Have MLMs change the domain of the message. >> >> 3. Have mail get rejected/discarded/etc. > > 4. Write off ADSP as broken, do something useful instead. Agreed. As a fact, I've had to disable ADSP in my DKIM-filter, because I'm unable to whitelist every MLM. >> There are variants of all three possibilities, but none that will satisfy >> everyone. > > Yup. Since someone asked about the difference between signing digests vs individual list messages, let me put a similar question: DKIM practices put much concern in preserving the integrity of an author's text. Yet, when the same text is quoted in replies, it is subject to arbitrary changes, and nobody cares. Given that, why cannot we relax integrity requirements when a message is destined to a list, as if the list just "quoted" it? As a practical possibility, a verifier may dump correctly signed List-Post addresses from incoming messages onto a database. Let's call it the server's "participating MLMs DB." When a signer is about to sign mail to a participating MLM, it puts l=0 and only signs the fields "From", "Date", and, if we wish to formalize the reason, "ADSP-Required". _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
