On 18/May/10 07:08, John Levine wrote: >>> A DKIM-aware resending MLM is encouraged to sign the entire message >>> as it arrived, especially including the original signatures. >> >>Would I as an MLM want to resign a message that I received that itself >>was not signed? Do I want to confer more authority to that message than >>is warranted? > > Yes, of course. The signature means that this message really truly > came from the mailing list, as opposed to being a random piece of spam > that happened to resemble list mail.
+1. However, may I ask how does the verifier know which signature is the one that belongs to the list? I can think of * look at the MAIL FROM domain, à la SPF (breaks forwarding), * have the list's domain in a white list (requires maintenance), * use some of the "List-*" fields (which one?) Apparently, section 5.4 doesn't cover this point. _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
