DKIM Deployment

[Serge Aumont <>]

Hi


Jesse Thompson wrote:
> Well, I think that we should take responsibility (and hence sign)
> everything we emit.  
So we should define what mean "take responsibility" and also define the 
meaning of "sign".

"Sign" as defined by law in many counties means that the signer agree on 
the related document content . In the context of DKIM (and S/MIME or 
PGP)  we use "sign" just for a technical method to prove integrity  and 
authenticate the sender. This is a important difference.

What does mean  "take responsibility" ? I would like to understand that 
in the context of a public mailing list server where some hosted lists 
are open to anyone for sending messages. The responsability for the list 
is under the control of the list owner who signed a contract for it with 
my organisation.

Should we "take responsibility for everything we emit" ? I don't think 
so, but may be we could "take responsibility for sending everything we 
send"...

How ever, DDX project is interesting us in the particular context of 
mailing list. Sympa is a re-mailer that break DKIM signature (where 
S/MIME are preserved). I would like to adapt Sympa in order to :
-1- verify existing DKIM signature if this can be usefull when 
evaluating if the list server must request sender confirmation for his 
message, reject it, forward it to list editor or distribute it.
-2- add a DKIM signature to outgoing messages

RFC 4871 is clear enough but my problem is that 
draft-ietf-dkim-deployment seems to be expired and ADSP is still a 
draft. This document seems a prerequisite in order to start development 
in a mailing list server.

Serge Aumont