[Mailman-Developers] dkim-signature headers

Barry Warsaw barry at python.org
Fri Feb 2 05:12:17 CET 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Feb 1, 2007, at 2:17 PM, Michael Thomas wrote:

> I've for quite a while thought that part of an ultimate DKIM BCP would
> give some guidance on what a "well behaved mailing list" would be. It
> would certainly be good if mailman were an example of that because at
> least at Cisco it accounts for the bulk of external mailing list
> traffic we see.

I agree with both statements.  Note that there are many email-related
RFCs that are ambiguous in the mailing list use case.  We make
choices based on our best interpretation but it's never fully
satisfactory.  If there's a possibility to have DKIM specify what a
properly behaving mailing list should do (with of course, consensus from
this community and other listserver vendors), then I'm all for it.

> (at least by default). The main issue is that there is a
> security/robustness tradeoff with the use of l=. That is, bad guys could
> append content too. On the other hand, *if* that comes to pass, receivers
> are completely at liberty to scan the covered and uncovered parts of the
> body differently, delete the appended text, etc, etc.

Isn't it possible that from the point of view of the original sender,  
the mailing list /is/ the bad guy?

(Note too that of course it's trivial to disable DKIM header  
cleansing in Cisco's own copy of Mailman.)

- -Barry



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (Darwin)

iEYEARECAAYFAkXCuiIACgkQ2YZpQepbvXF5OwCcCe2sET+qPrlQBMhwL9Aty9CL
6GEAn17BAMu9UC4p+mmUmigliEVDitQE
=0INK
-----END PGP SIGNATURE-----
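
The `l=` tradeoff discussed in this thread, as an added example that is not part of the original message or of Mailman's code: a receiver-side check that recomputes the DKIM body hash with and without the body length limit and separates the covered bytes from whatever was appended afterwards. It assumes "simple" body canonicalization and SHA-256 as defined in RFC 6376, checks only the body hash (not the header signature), and uses hypothetical function names and a constructed message and list footer.

```python
import base64
import hashlib
import re


def canon_simple(body: bytes) -> bytes:
    """'simple' body canonicalization: drop trailing empty lines, end with one CRLF."""
    return re.sub(rb"(?:\r\n)+\Z", b"", body) + b"\r\n"


def body_hash(body: bytes, length=None) -> str:
    """Base64 SHA-256 of the canonicalized body, truncated to l= octets if given."""
    data = canon_simple(body)
    if length is not None:
        if length > len(data):
            raise ValueError("l= is larger than the canonicalized body")
        data = data[:length]
    return base64.b64encode(hashlib.sha256(data).digest()).decode()


def check_body(body: bytes, bh: str, length=None) -> dict:
    """Compare bh= against the received body and split it at the l= boundary."""
    data = canon_simple(body)
    cut = len(data) if length is None else length
    return {
        "bh_ok": body_hash(body, length) == bh,
        "covered": data[:cut],
        # Bytes past l= are not authenticated by the signer. A receiver can
        # scan them separately or strip them before display.
        "uncovered": data[cut:],
    }


# Constructed sample: what the author sent, and what the list relayed.
ORIGINAL = b"Hi all,\r\nThe patch is attached.\r\n"
FOOTER = b"_______________\r\nexample-list footer (constructed)\r\n"
RELAYED = ORIGINAL + FOOTER

L_TAG = len(canon_simple(ORIGINAL))          # signer's l= value
BH_FULL = body_hash(ORIGINAL)                # bh= when signing without l=
BH_L = body_hash(ORIGINAL, L_TAG)            # bh= when signing with l=

if __name__ == "__main__":
    print("no l=  :", check_body(RELAYED, BH_FULL)["bh_ok"])
    with_l = check_body(RELAYED, BH_L, L_TAG)
    print("with l=:", with_l["bh_ok"], "unsigned tail:", with_l["uncovered"])
```

Without `l=` the appended footer breaks the body hash; with `l=` the hash still verifies, and the footer shows up as the unauthenticated tail that the receiver has to decide how to treat.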

