> -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of > Terri Oda > Sent: Tuesday, December 06, 2011 11:36 AM > To: [email protected] > Subject: Re: [Mailman-Developers] feature request: one-click setting to > preserve DKIM > > There were a lot of "it depends" in your email, so maybe I've mis-read, > but it sounds to me like the long-term path of least user/list admin > hassle for Mailman probably is to just re-sign the messages. Except > that there's no standard for third parties doing re-signing, and no > one's sure how to interpret it if we do?
Right, except for the last bit. The common practice at the moment is to evaluate (the reputation of) any DKIM domain whose signatures survive transit. They are the only bits of the message guaranteed to be "true" in some way (except maybe the details of the last Received: field, because it's yours). In the case of author-signed mail transiting a list that re-signs, it's most likely I'll get the latter, but I might also get the former. This is basically what RFC6377 says. There is some automatic, intuitive desire to evaluate the message's author domain rather than the message's re-signer domain(s). That's why there's all this pressure to tweak MLMs and other components of the infrastructure to permit author domain signatures to survive to the ultimate recipient. DKIM doesn't require this, but intuition would really like it to be so. It's not really true that "it depends" permeates DKIM's definition. It's pretty clear what DKIM does and doesn't do. But there's a lot of need for stuff just outside the edges of what DKIM does. That's what's creating all this activity around MLMs, reputation, and other adjacent topics. > Which is a pity, because this seems like a great opportunity for us to > trailblaze and help correct a mistaken assumption in DKIM. Which assumption is that? -MSK _______________________________________________ Mailman-Developers mailing list [email protected] http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
