Boy, this list has been noisy of late. I've been too overwhelmed to pay attention to every message, but from what I can see, it's a resurgence of the argument between those who wanted ADSP/SSP to be simple and those who wanted "third-party signing" support. (Plus a third faction that just wants things to calm down.)
Now, at present, ADSP is near useless, because of the mailing-list problem. (And this is compounded by the ambiguity over what "all" really means.) The 3PS folks are citing this as a sign that the simple-policy folks, who won before, were wrong.

But hold on a minute: The "third party signing" problem and the mailing list problem are *not the same*. The latter is a narrower use case. It's not even a subset of literal "third party signing", since any complete solution must accommodate third parties who *do not sign* --- mailing lists that are completely DKIM-ignorant.

(Yes, I know any accommodation of legacy lists makes it much much easier to pull off a successful forgery. But as the alternative is "dkim=unknown", it's no loss. An intermediate signal, meaning that mailing lists are the only way the signature can break, would be very helpful to recipients who know what they are subscribed to.)

Sure, you can try to force all mailing lists to go through some signing ritual. But if the mailing lists were that willing to bend to accommodate DKIM, they could already accommodate the published RFCs by rewriting the From: on the messages they forward.

---- Michael Deutschmann <[email protected]>

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
