On Mon 21/Dec/2020 01:52:11 +0100 Benny Pedersen wrote:
On 2020-12-20 23:07, Michael Thomas wrote:
On 12/20/20 2:01 PM, Benny Pedersen wrote:
hopefully maillists stops dkim signing, its the incorrect place to solve
breaking dkim
Sorry, ARC is warmed over DKIM, and an experiment. DKIM is a full
internet standard and expressly intended for lists, etc to resign if
they broke the original DKIM signature. We have always had the ability
to do reputation checks regardless of ARC. I'm not sure when this wg
lost sight of that.
only original senders should dkim sign, rest should only arc sign, i dont have
to agre on anyhing other then that, if maillists dkim sign thay try to steel
the original dkim private key without succes, and there is possible a solotion
to dmarc adsp handling this break
seeing eitf do 3 dkim sign just to be sure it does not work
For the message I'm replying to, I got:
Authentication-Results: wmail.tana.it;
spf=pass smtp.mailfrom=ietf.org;
dkim=pass reason="Original-From: transformed" (whitelisted) header.d=junc.eu;
dkim=pass (whitelisted) header.d=ietf.org
header.b=GUNfiCpP;
dkim=fail (signature verification failed, whitelisted) header.d=ietf.org
header.b=IIMQxhd+
Two out of three is not bad, is it? If IETF only did ARC seals, I'd probably
verified no signature at all —since I don't run ARC checks.
Best
Ale
--
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
