> Suppose that ietf.org asserts an ADSP record but doesn't require > signatures on incoming messages, even from its own domain (there's no > requirement that they do). Someone spoofs a message from > ch...@ietf.org, which is of course unsigned. The message coming out of > the list looks like it has an author signature. I have a problem with that.
Ooh, DKIM vs. list managers again. I don't think that anyone other than the management of ietf.org gets to decide what their signing policy is. There are zillions of ways that mailing lists decide what gets posted to a list. If you like their list management policy, you can trust their signatures. If you don't, you don't. Regards, John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor "More Wiener schnitzel, please", said Tom, revealingly. _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
