If conditional signatures require the participatuon of the author's MTA, then the consent of the domain owner is implied. DKIM scopes already provide a solution for delegating authority, but the MLM problem stems from not wanting to seek domain owner involvement.
Just as significantly, tbe MLM does not want to sign the same document as what was signed by the author. If the document is unchanged, a conditional signature is not needed. If tbe document is alrered after the first signature, the first signsture is not applicable to the second signature. On Jun 20, 2020 7:13 AM, Alessandro Vesely <ves...@tana.it> wrote:On Sat 20/Jun/2020 02:52:55 +0200 John Levine wrote: > On Fri, 19 Jun 2020, Murray S. Kucherawy wrote: > >> A number of drafts were floated, as I recall. I had a couple. > > There's always my conditional signing hack, in which one puts a very > weak signature on the message which says it only counts if it's > resigned by X, where X is the expected mediator. Conditional signatures should be paired with a mechanism that tells the author's MTA when to apply them. For example, a water tight opt-in protocol whereby author, MLM, and author's MTA can do a three-hand handshake. Without that, we're back to depending on reputation, for which simple whitelisting suffices. Best Ale -- _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc