Subject: Developers of Sympa
- From: Daniel Black <address@concealed>
- To: address@concealed
- Subject: [sympa-dev] DKIM compatibility
- Date: Tue, 31 Mar 2009 20:08:24 +1100
All,
It was mentioned recently[1] that DKIM compatibility was a goal. In the spirit of DKIM I think that email list managers (intermediaries)[2] should have the option not to break DKIM signatures. I propose[3] a global dkim_friendly = yes that will disable and hide options that break DKIM signatures. This is one way an entire domain can enforce a policy quickly and easily.
The list owner could set anonymous_sender which would once again enable all the DKIM breaking options. This is a reasonable tradeoff as modifying the source domain removes the burden of ADSP[4] verification. Once the signature is broken the deployment guide[2] says that the signature may be removed. I think this is a fair thing to do. Leaving the MTA to perform signing and verification also becomes easier once the anonymous_sender domain is one associated with the list instead of the sender.
Another option similar to anonymous_sender, like mangle_sender, so the sender is recognizable to a human, however doesn't conform to the sender's real email address that would cause ADSP to fail (e.g. sympa-address@concealed), could also have the same effect.
I'm interested in what others think.
[1] https://sourcesup.cru.fr/tracker/?func=detail&group_id=23&aid=4374&atid=170
[2] http://www.dkim.org/specs/draft-ietf-dkim-deployment-03.html#rfc.section.8.4
[3] https://sourcesup.cru.fr/tracker/?func=detail&group_id=23&aid=3523&atid=167
[4] http://www.dkim.org/specs/draft-ietf-dkim-ssp-04.html
Daniel Black
--
Email/List Administrator
CAcert
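
Added example, not part of the original message and not Sympa code: a Python sketch of why a list footer invalidates the DKIM body hash (bh=) while a dkim_friendly pass-through keeps it valid, and how anonymous_sender moves the ADSP lookup to the list's domain. The distribute() semantics, the sample message, the footer and the example domains are assumptions constructed for illustration; only the body hash is modelled, not the header signature.

```python
import base64
import hashlib
import re
from email.utils import parseaddr

def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 section 3.4.4 'relaxed' body canonicalization."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    # Collapse whitespace runs to one space, strip whitespace at line ends.
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":  # drop empty lines at end of body
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes) -> str:
    """Value a verifier compares with the signature's bh= tag (sha256)."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def adsp_domain(from_header: str) -> str:
    """ADSP is looked up for the domain of the From: address."""
    return parseaddr(from_header)[1].rpartition("@")[2].lower()

def distribute(msg, footer, dkim_friendly, anonymous_sender=None):
    """Assumed semantics of the proposal: the message the list sends out."""
    out = dict(msg)
    if anonymous_sender:
        # From: moves to the list's domain; the broken signature is removed.
        out.update({"from": anonymous_sender, "body": msg["body"] + footer, "bh": None})
    elif not dkim_friendly:
        out["body"] = msg["body"] + footer  # signature kept, but now broken
    return out

def verify_bh(msg):
    """None if unsigned, otherwise whether the body still matches bh=."""
    return None if msg["bh"] is None else body_hash(msg["body"]) == msg["bh"]

# Constructed sample message, footer and domains (not taken from the page).
BODY = b"Hi all,\r\nmeeting at 10.  \r\n\r\n"
FOOTER = b"-- \r\nexample list footer (constructed)\r\n"
SIGNED = {"from": "Alice <alice@sender.example>", "body": BODY, "bh": body_hash(BODY)}

if __name__ == "__main__":
    cases = {
        "dkim_friendly=yes": distribute(SIGNED, FOOTER, True),
        "dkim_friendly=no": distribute(SIGNED, FOOTER, False),
        "anonymous_sender": distribute(SIGNED, FOOTER, True, "List <anon@lists.example>"),
    }
    for label, sent in cases.items():
        print(label, "bh ok:", verify_bh(sent), "ADSP domain:", adsp_domain(sent["from"]))
```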