John R. Levine wrote: > We've had a lot of arguments about the importance of verifying the > identity of contributors to mailing lists. If you think that's important, > take a look at this message. > > Even though Mailman has added a subject line tag and a message footer, the > S/MIME signature still verifies, and your MUA should show a green star or > whatever, at least once you've told it to import my S/MIME cert. Mailman > automagically wrapped the multipart/signed in multipart/mixed. And the > signing cert has both my full e-mail address and my True Name.
Sorry John, I don't see any "green star" or any other form of certified mail indication in Thunderbird our Outlook. There is also no 5322 based S/MIME parts in the source message. Any evidence of that expectation by you has been stripped and cleaned at the scene of the crime. > > So I suggest we update the DKIM MLM draft to take out all the stuff about > signatures surviving lists, and just say that if it's important for your > signature to survive, S/MIME already does that, with a suitable pointer. +1 for removal of any suggestions that broken ADSP protected signatures can be restored without conflict. -1 for adding any reference to S/MIME. I don't think it is a good idea to further complicate this by adding another unnecessary protocol interface engineering requirement. What is ironic is that this message of your 100% exemplifies all the concerns and also benefits POLICY proponents have been advocating. You had an expectation for mail operations, a POLICY regarding S/MIME expectations, yet that expectation failed. Allow people to expose that expectation using standard methods, and "receivers" will begin to honor it. -- Hector Santos, CTO http://www.santronics.com http://santronics.blogspot.com _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
