Josh Good skrev den 2017-02-12 02:51:
It would break the original sender's DKIM, if any. But then the mailing
list host could DKIM sign all messages just before sending them to the
list subscribers.
how should dkim handle this ?, how should dmarc handle it ?, how should
arc handle it ?
how should mailrealays handle it when dkim is not all getting dkim pass
?
you open a can of worms when dkim is breaked
Because the original sender's DKIM may or may not exist, the mailing
list doing its own DKIM signing is the only way to make that list posts
are tamper-proof at all times.
what will happend if signers signs all ?
and there signed public key is missing in dns ?
In the post-Snowden era, cryptographically signing ALL is the way to
go.
Remember, NSA not only "spies", it also "impersonates" when it needs to
do so (if it can do it). So yes, it makes sense for a mailing list to
DKIM sign the posts it sends to its subscribers.
no, dkim is not pgp
