Hi Terri, On Tue, Dec 6, 2011 at 11:36 AM, Terri Oda <te...@zone12.com> wrote: > There were a lot of "it depends" in your email, so maybe I've mis-read, but > it sounds to me like the long-term path of least user/list admin hassle for > Mailman probably is to just re-sign the messages. Except that there's no > standard for third parties doing re-signing, and no one's sure how to > interpret it if we do?
I came up with something for groups that we host and would love to see another MLM implement it. It is a header that stores a copy the original authentication results as received by the MLM (or any forwarder, really) before destroying the signature. Respecting this header requires the expanded message to be re-signed by a trusted forwarder (easy in my case, since googlegroups.com uses its own DKIM key) -- so long as this header exists and is signed by a trusted forwarder, then on inbound we trust the original authentication results and don't care if the message is signed with a DKIM key that doesn't match the From. Maintaining the list of trusted forwarders then becomes a problem for receivers, but it's one that's a lot more manageable than today's situation because as Murray points out, many reputation systems have already been developed around DKIM. > As a developer, this sounds the makings of one of those life-sucking > projects you shouldn't touch with a 10-foot pole unless you're getting paid > to define and defend a standard. That is not out of the question. > It sounds like our best option for the near future is to write up a nice > little document describing the issue, Monica's fix for lists where DKIM is > essential, and leave it at that as far as code goes until things move a bit > closer to consensus on how DKIM should handle mailing lists long-term. As a > bonus, a nice little document could also be usable with 2.1! If anyone needs > wiki author permissions to do this, let me know. Would that go here? http://wiki.list.org/display/DOC/3+List+administrator+tasks I'm highly motivated to help :) Thanks, Monica _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9