Russell Coker wrote: > On Friday 03 October 2008 18:32, Thomas Viehmann <[EMAIL PROTECTED]> wrote: >>> To prevent forgeries of mail from the lists.debian.org server I believe >>> that we should have DKIM installed to sign all outbound mail. It really >>> is not difficult to do in Lenny, and it shouldn't be difficult to >>> back-port the relevant packages to Etch if necessary. >> I don't think it's appropriate to sign relayed mails unless we have >> verified some previous signature and even then it's questionable. > > The signature is not making any statement about the content of the message, > merely about where it came from. Yeah, and the messages don't originate at lists.debian.org, they are merely forwarded. The little I read (in the discussion of the l= length field) seems to indicate that the designers of DKIM agree that forwarders should not sign messages. IMO signing arbitrary messages on forward would defeat the purpose of DKIM. For gmail, mail actually originates with them. That's a fundamental difference to lists.d.o.
Kind regards T. -- Thomas Viehmann, http://thomas.viehmann.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
