[Mailman-Developers] dkim-signature headers

Barry Warsaw barry at python.org
Wed Feb 7 16:18:00 CET 2007


On Feb 7, 2007, at 1:39 AM, Stephen J. Turnbull wrote:

> Certainly.  What we really want is policy agents that are smart enough
> to say to the user
>
>   This message has a signature which verified successfully and one
>   which failed.  According to the Received trace and the List-Id
>   header, and correlated with the SENDER_IS_MAILMAN_BOUNCE heuristic,
>   the successful signature was added by the Mailman Users mailing
>   list.  The wooz.1april signature failed.
>
>   In similar cases in the future for this mailing list, should I
>
>   (o) Rely on the verified signature and silently accept the message
>   ( ) Ask how to treat the message
>   ( ) Silently discard the message
>
>   [[Accept this message]]  [Discard this message]

Part of me agrees that this is what you'd like to see, but my gut  
tells me that this will never work in practice.  First, no one but an  
email geek will even understand the question, let alone know how to  
answer it, and second, I fear that most u/i's and policy engines will  
boil this down to a very simple choice for the user:

     This message is unverified

     [Accept] [Discard]
     (o) Do the same for all similar messages

-Barry
