-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Feb 1, 2007, at 2:17 PM, Michael Thomas wrote:
> I've for quite a while thought that part of an ultimate DKIM BCP would > give some guidance on what a "well behaved mailing list" would be. It > would certainly be good if mailman were an example of that because at > least at Cisco it accounts for the bulk of external mailing list > traffic > we see. I agree with both statements. Note that there are many email related RFCs that are ambiguous in the mailing list use case. We make choices based on our best interpretation but it's never fully satisfactory. If there's a possibility to have DKIM specify what a properly behaving mailing should do (with of course, consensus from this community and other listserver vendors), then I'm all for it. > (at least by default). The main issue is that there is a security/ > robustness > tradeoff with the use of l=. That is, bad guys could append content > too. > On the other hand, *if* that comes to pass, receivers are > completely at > liberty to scan the covered and uncovered parts of the body > differently, > delete the appended text, etc, etc. Isn't it possible that from the point of view of the original sender, the mailing list /is/ the bad guy? (Note too that of course it's trivial to disable DKIM header cleansing in Cisco's own copy of Mailman.) - -Barry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (Darwin) iEYEARECAAYFAkXCuiIACgkQ2YZpQepbvXF5OwCcCe2sET+qPrlQBMhwL9Aty9CL 6GEAn17BAMu9UC4p+mmUmigliEVDitQE =0INK -----END PGP SIGNATURE----- _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
