[Mailman-Developers] dkim-signature headers

[Barry Warsaw]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Feb 6, 2007, at 4:40 PM, Michael Thomas wrote:

>> http://www.dkim.org/specs/draft-ietf-dkim-overview-02.html#anchor61
>
> This is not the spec -- and it's not been widely vetted.

Fair enough; it's also out of date as Stephen pointed out.  Still, it  
does indicate that the DKIM authors acknowledge that there are  
compatibility issues with mailing lists.  The updated section 4 that  
Stephen posted seems to be moving toward resolving those issues.

I really want to see the spec address mailing list issues in a  
thorough way, with clear instructions on what such remailers must and  
should do.  Then we can say "Mailman is broken wrt to the spec" or  
"Mailman complies with the spec" or "Can someone please contribute  
code to comply with the spec" or "the spec is broken, we don't agree  
with it, so we won't support it and everyone should abandon Mailman" :).

>> I think we can say Mailman is in compliance with choice #3 in this  
>> list.  I will also agree with the Note at the beginning of this  
>> section that this "may be controversial".  Indeed.
>
> The bottom line here is that you are removing signatures that are not
> broken. In fact, you don't even check to see if they're broken at all.
> That's bad all around.

We're removing signature that we know nothing about.  As I said,  
IWBNI we had code that could check DKIM signatures and sign  
messages.  So a question to ask, in the face of no available code to  
do the verifying or signing, is it better to possibly break  
signatures because of Mailman transformations or better to not have a  
signature at all.  And why?

- -Barry

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iQCVAwUBRckJPnEjvBPtnXfVAQL0KAP9Ejeu+dSdN838rCAlzpumrM4myazKsQ8D
Ya7+yOQ5saKbmhFO/eZpeDn7YWRT2MUw2+P+BuFd0QKEOzmkAeowaLfqtz5r8mme
NQDyXUsj22YGOGV5nK+i8egnmDVvspb4nJ1j9ahuqLmQ3RMtCoIYq+jRx8sCdWXo
5VQAsYjcNAE=
=UnvC
-----END PGP SIGNATURE-----