It appears that Dave Crocker <dcroc...@bbiw.net> said:
>On 2/4/2025 2:43 PM, Wei Chuang wrote:
>> Each originator or forwarder has to own the entire message that leaves
>> its system
>
>Wei, thanks for the comments.
>
>If your above statement is true, then why is it necessary to do the
>reversal?

So you can tell if the earlier signatures in the chain were real.

>Why doesn't one handler's taking responsibility eliminate the need to
>worry about the predecessors.

That's what ARC did, a chain of signatures with no way to tell whether anything but the most recent one actually matched the contents of the messages. We tried that and its acceptance has been underwhelming.

It seems to me that a validated chain can be useful for developing the reputations of all of the entities with signatures in the chain, not just the most recent one. Also, we know that most of the changes that mailing lists make are fairly simple, so I can imagine filtering schemes that recognize changes that lists usually do, so if it sees a message with list-like changes, it can give more weight to the reputation of the earlier signers. If it can't evaluate the changes, it's no worse off than it is now.

This makes it easier to handle the issue that lists often do lousy filtering of incoming mail, so now you can do retroactive filtering and DMARC enforcement.

If someone's going to say we don't know if this will work, it's true, we don't. But the only way to find out is to try it with some interoperating implementations and see.

R's,
John

_______________________________________________
Ietf-dkim mailing list -- ietf-dkim@ietf.org
To unsubscribe send an email to ietf-dkim-le...@ietf.org