> I don't so much view DKIM as protecting content; rather, my current view
> of its semantics aligns with the whole "taking some responsibility for"
> approach.

So far, so good, the signer takes some responsibility for the message.

> And thus, a signer should only sign those parts of the header and
> body for which it wants to accept responsibility.

Good lord, no. Taking some responsibility for the message is not the same as taking responsibility for some of the message. If you do that, that pretty much requires that we put back the stuff that says that a verifier produces an edited version of the message, and you better be prepared to have a very, very, very long discussion about how much of a message a signature has to include for it to be "enough" and how to design various metrics about the relative value of signatures that cover more or less of the message.

If you think a message is worth signing, sign it. If you don't, don't. Those are the only two options. When a list manager's domain signs a message, it's not asserting anything about the literary merit of the message, it's just saying the message satisfied whatever criteria it uses to select and pass along the messages it signs. (Yes, this is fairly tautological.)

The reason you might not include part of a message in the signature is that you don't care if someone changes it. I don't sign Received: or X-Mailer: headers, because changing or deleting them is harmless. I do sign nearly everything else. This also suggests why the l= option is not useful, since it says "I don't care if other people add stuff to the end of the message."

R's,
John

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
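An added illustration of the l= point (example code written for this page, not from the post or any DKIM implementation): it computes a DKIM-style body hash over a "simple"-canonicalized body with and without an l= length limit, showing that with l= set to the original body length, text appended after signing leaves the hash unchanged, and it exposes the uncovered tail that a verifier could flag. The sample message bodies are constructed.

```python
import base64
import hashlib
from typing import Optional


def canonicalize_body_simple(body: bytes) -> bytes:
    """DKIM 'simple' body canonicalization: normalise line endings to CRLF,
    drop empty lines at the end, and make sure the body ends in one CRLF."""
    canon = body.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")
    while canon.endswith(b"\r\n\r\n"):
        canon = canon[:-2]
    if not canon.endswith(b"\r\n"):
        canon += b"\r\n"
    return canon


def body_hash(body: bytes, length: Optional[int] = None) -> str:
    """Base64 SHA-256 of the canonicalized body. When the signature carries
    an l= tag, only the first `length` octets are hashed (None = no l= tag)."""
    canon = canonicalize_body_simple(body)
    if length is not None:
        canon = canon[:length]
    return base64.b64encode(hashlib.sha256(canon).digest()).decode()


def unsigned_tail(body: bytes, length: Optional[int]) -> bytes:
    """Octets of the canonicalized body that an l= limit leaves outside the
    signature; a verifier can treat a non-empty tail as unsigned content."""
    canon = canonicalize_body_simple(body)
    return b"" if length is None else canon[length:]


# Constructed sample body, and a copy with a footer appended after signing.
ORIGINAL = b"Hello list,\r\n\r\nPlease review the draft.\r\n"
APPENDED = ORIGINAL + b"-- \r\nThis footer was added after signing.\r\n"

if __name__ == "__main__":
    signed_len = len(canonicalize_body_simple(ORIGINAL))  # what a signer would put in l=
    print("hash unchanged without l=:", body_hash(ORIGINAL) == body_hash(APPENDED))
    print("hash unchanged with l=:   ",
          body_hash(ORIGINAL, signed_len) == body_hash(APPENDED, signed_len))
    print("octets not covered by signature:", unsigned_tail(APPENDED, signed_len))
```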
