On 01/Sep/10 23:43, Murray S. Kucherawy wrote: > Personally I do see use in the document's current form. Although I > realize MLMs haven't done the work to preserve signatures in the > past, I get the feeling there's desire out there for that to start > to happen; receivers want it, for whatever reason, and I don't hear > a lot of people coming out against the idea. Are we really on > solid ground telling them "You don't need/don't want/can't have > it?"
+1: if DKIM works it should also work for MLMs. However, the other issue is to break or remove author domain signatures. John has pointed this out since a long time, for FBL reasons. Doug has brought out the same issue for replaying attacks aimed at breaking reputation, because replaying is definitely out of control in case of publicly distributed messages. Mutually exclusive as they may seem, those two issues together simply beg for the ability to take just the extent of responsibility that a signer deems correct, given the recipients for the message at hands. I repeat the two proposals that have been made, and ask once more whether there are further ways to achieve similar results. Charles' From-%-rewriting. It seems the WG disagrees with it. However, it has also been mentioned that some MLMs already change the From. Should it be forbidden? If not, I see no reason not to document it. Joint Signatures. I haven't seen many opinions on this proposal of mines. Anyone? Here are some pointers: last paragraph in http://mipassoc.org/pipermail/ietf-dkim/2010q3/014008.html http://mipassoc.org/pipermail/ietf-dkim/2010q3/013881.html http://mipassoc.org/pipermail/ietf-dkim/2010q3/013829.html _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
