[Mailman-Developers] feature request: one-click setting to preserve DKIM

Monica Chew mmc at googlers.com
Wed Dec 7 00:39:52 CET 2011 

Hi Terri,

On Tue, Dec 6, 2011 at 11:36 AM, Terri Oda <terri at zone12.com> wrote:
> There were a lot of "it depends" in your email, so maybe I've mis-read, but
> it sounds to me like the long-term path of least user/list admin hassle for
> Mailman probably is to just re-sign the messages.  Except that there's no
> standard for third parties doing re-signing, and no one's sure how to
> interpret it if we do?

I came up with something for groups that we host and would love to see
another MLM implement it. It is a header that stores a copy the
original authentication results as received by the MLM (or any
forwarder, really) before destroying the signature. Respecting this
header requires the expanded message to be re-signed by a trusted
forwarder (easy in my case, since googlegroups.com uses its own DKIM
key) -- so long as this header exists and is signed by a trusted
forwarder, then on inbound we trust the original authentication
results and don't care if the message is signed with a DKIM key that
doesn't match the From.

Maintaining the list of trusted forwarders then becomes a problem for
receivers, but it's one that's a lot more manageable than today's
situation because as Murray points out, many reputation systems have
already been developed around DKIM.

> As a developer, this sounds the makings of one of those life-sucking
> projects you shouldn't touch with a 10-foot pole unless you're getting paid
> to define and defend a standard.

That is not out of the question.

> It sounds like our best option for the near future is to write up a nice
> little document describing the issue, Monica's fix for lists where DKIM is
> essential, and leave it at that as far as code goes until things move a bit
> closer to consensus on how DKIM should handle mailing lists long-term.  As a
> bonus, a nice little document could also be usable with 2.1! If anyone needs
> wiki author permissions to do this, let me know.

Would that go here? http://wiki.list.org/display/DOC/3+List+administrator+tasks
I'm highly motivated to help :)

Thanks,
Monica

More information about the Mailman-Developers mailing list