[Mailman-Developers] dkim-signature headers
barry at python.org
Wed Feb 7 00:03:26 CET 2007
-----BEGIN PGP SIGNED MESSAGE-----
On Feb 6, 2007, at 4:40 PM, Michael Thomas wrote:
> This is not the spec -- and it's not been widely vetted.
Fair enough; it's also out of date as Stephen pointed out. Still, it
does indicate that the DKIM authors acknowledge that there are
compatibility issues with mailing lists. The updated section 4 that
Stephen posted seems to be moving toward resolving those issues.
I really want to see the spec address mailing list issues in a
thorough way, with clear instructions on what such remailers must and
should do. Then we can say "Mailman is broken wrt to the spec" or
"Mailman complies with the spec" or "Can someone please contribute
code to comply with the spec" or "the spec is broken, we don't agree
with it, so we won't support it and everyone should abandon Mailman" :).
>> I think we can say Mailman is in compliance with choice #3 in this
>> list. I will also agree with the Note at the beginning of this
>> section that this "may be controversial". Indeed.
> The bottom line here is that you are removing signatures that are not
> broken. In fact, you don't even check to see if they're broken at all.
> That's bad all around.
We're removing signature that we know nothing about. As I said,
IWBNI we had code that could check DKIM signatures and sign
messages. So a question to ask, in the face of no available code to
do the verifying or signing, is it better to possibly break
signatures because of Mailman transformations or better to not have a
signature at all. And why?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
-----END PGP SIGNATURE-----
More information about the Mailman-Developers