On Mon 24/Aug/2020 19:24:03 +0200 John Levine wrote:
In article <CAL0qLwaip0fzXpqnK=XTcEELZRat_gnjuEGZYj=8qgy3wky...@mail.gmail.com> 
you write:
If the intermediary DKIM signs the modified message with their own
signature, that provides some assurance to the receiver.

You mean like https://tools.ietf.org/html/draft-levine-dkim-conditional-00?

I'm pretty sure that got implemented too, but I can't recall now if it ever 
shipped.

I don't think it ever did.  It has the scaling problem of every system that sends to mailing lists having to decide what mail it's willing to have re-signed and what domain the second signature will use.  Usually it's the domain name of the list except when it's not.


Right. The only practical implementation I see is that the sender has a list of recipient addresses that require weak signatures. When it is about to send a message destined to a listed address, it can fork the message so that the weakly signed copy is sent to the (trusted) list address only. Any direct copy is signed in full.

To configure that, a postmaster would need an application by the list. Something saying "your users A, B, and C are subscribed to list X, please sign weakly". The postmaster would then verify if A, B, and C are trusted users and if they confirm to be subscribed to X. In that case, the address of X gets enlisted. Would that scale?


Best
Ale
--

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
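
The forking rule described in the message above, sketched as an added example (not code from the thread or from any shipped implementation). The class and function names and all addresses are hypothetical, and "weak"/"full" only label which kind of signature each copy would receive.

```python
# Added illustration: per-recipient choice between a weak and a full signature.
# All names are hypothetical; the addresses are constructed sample data.
from dataclasses import dataclass, field

FULL, WEAK = "full", "weak"


def _norm(addr):
    """Lower-case only the domain; local parts may be case-sensitive."""
    local, _, domain = addr.strip().rpartition("@")
    return f"{local}@{domain.lower()}"


@dataclass
class WeakSignPolicy:
    # list address -> local users the postmaster verified as subscribed
    approved: dict = field(default_factory=dict)

    def enlist(self, list_addr, users):
        """Record a list application after the postmaster has checked it."""
        key = _norm(list_addr)
        self.approved.setdefault(key, set()).update(_norm(u) for u in users)

    def mode_for(self, sender, rcpt):
        """Weak only for an enlisted list AND a confirmed subscriber."""
        subscribers = self.approved.get(_norm(rcpt), set())
        return WEAK if _norm(sender) in subscribers else FULL


def fork(sender, recipients, policy):
    """Split one submission into per-mode copies: {mode: [rcpt, ...]}.

    Anything not explicitly enlisted falls back to the full signature,
    so direct copies (To/Cc to individuals) are never weakly signed.
    """
    copies = {}
    for rcpt in recipients:
        copies.setdefault(policy.mode_for(sender, rcpt), []).append(rcpt)
    return copies


if __name__ == "__main__":
    policy = WeakSignPolicy()
    policy.enlist("list-x@lists.example", ["a@example.org", "b@example.org"])
    print(fork("a@example.org",
               ["list-x@lists.example", "carol@example.net"], policy))
```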
