On Thu, 2005-02-03 at 14:56 +0100, Tom Kistner wrote:
> What I meant was that the majority of deployed mailing list systems will
> be slow in either being DK-aware (add headers on top, no body mangling)
> or deploying DK themselves. When list systems re-sign mail, they should
> obviously only do so if the original message had a good DK signature (so
> they "forward" the good result).
If by 'slow' you mean it's never going to happen in practice in any
significant number of mailing lists, then I agree wholeheartedly. :)
A DK implementation has to deal with what happens in the real world.
Bear in mind that the vast majority of mailing lists _do_ add a Sender:
header already. They don't need to re-sign the mail, and they don't need
to refrain from altering it. We can tell what they've done.
Take the specific case of this message:

    From: Tom Kistner <tom@???>
    DomainKey-Signature: ... d=duncanthrax.net; ...
    Sender: exim-users-bounces@???

A DK-aware recipient should see that there is a Sender: header, which is
obviously newer than the From: header, and should _not_ reject the
message if the signature from d=duncanthrax.net fails. What result does
your implementation give on the messages you receive back from the list?
--
dwmw2
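
The recipient-side rule argued for in the message above, sketched as an added example that is not part of the original thread or of any DK implementation. The function names, the result labels, the `signature_ok` input (the outcome of a signature check done elsewhere) and the sample domains are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def dk_domain(sig_header):
    """Return the d= tag of a DomainKey-Signature header value, or None."""
    for tag in sig_header.split(";"):
        name, _, value = tag.strip().partition("=")
        if name.strip() == "d":
            return value.strip().lower()
    return None

def addr_domain(header_value):
    """Domain of the address in a From:/Sender: header, or None."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else None

def covers(signing_domain, domain):
    """True if d= equals the address domain or is a parent of it."""
    return domain == signing_domain or domain.endswith("." + signing_domain)

def dk_disposition(raw_message, signature_ok):
    """Map a DK check result to an action (labels are hypothetical)."""
    msg = message_from_string(raw_message)
    d = dk_domain(msg.get("DomainKey-Signature", ""))
    sender = addr_domain(msg.get("Sender"))
    author = addr_domain(msg.get("From"))
    if d is None:
        return "unsigned"
    if signature_ok:
        return "pass"
    # The signature failed. A Sender: header in a domain that d= does not
    # cover means an intermediary such as a list relayed the message and
    # may have altered it, so the failure is not grounds for rejection.
    if sender and not covers(d, sender):
        return "neutral"
    # No foreign Sender: the signing domain vouches for From: directly.
    if author and covers(d, author):
        return "reject"
    return "neutral"

# Constructed sample messages (domains are placeholders).
DIRECT = ("From: Tom <tom@author.example>\n"
          "DomainKey-Signature: a=rsa-sha1; d=author.example; s=k1; b=AAAA\n"
          "Subject: hi\n\nbody\n")
VIA_LIST = "Sender: list-bounces@lists.example\n" + DIRECT
```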