[ietf-822] Aptness of DKIM for MLs

[Alessandro Vesely <vesely@tana.it>]

On Tue 06/May/2014 19:12:38 +0200 John Levine wrote:
> 
> Anything that says "I'm a mailing list" is only useful with some
> sort of external validation that it really is a list.

Please note that "really is a list" actually means "/good/ list".  An
unmoderated, unfiltered list, with no posting restrictions and
dubious subscription practices would technically still be a list, but
nobody would whitelist it --nor subscribe to it.

> If you have to do that anyway, you might as well use the list's
> DKIM signature as the key which doesn't involve inventing any new 
> mechanism.

A useful mechanism tells domain admins which users post to which
lists.  Domain admins can consider those posts as endorsements from
their users.

> I think it's also pretty clear that any scheme that depends on the
> DKIM signatures of incoming messages transiting mailing list software
> won't work, either.

As that is being told by the author of "A DKIM Profile to Enable
Message Forwarding", I guess I should believe it.  However, it is not
clear why.  Paul asked for Message-ID: to be signed too.[1]  I
suggested that each ML defines an h= header field list that authors'
domains can reliably sign.[2]

You mentioned even From: cannot be reliably signed because MLMs need
to "standardize" its syntax.[3]  It seems to me that eliminating some
of such gratuitous changes is the solution to DMARC-for-MLs which
minimizes the alterations in MLM software.  Are you sure it won't
work?

Ale

[1] http://www.ietf.org/mail-archive/web/ietf-822/current/msg06856.html
[2] http://www.ietf.org/mail-archive/web/ietf-822/current/msg06715.html
[3] http://www.ietf.org/mail-archive/web/ietf-822/current/msg06821.html