In message <alpine.OSX.2.11.1510271801250.34501@xxxxxxx>, "John R Levine" writes:
> > Actually we need to validate two assertions:
> >
> > * That the mail came from the stated author, e.g. PHB.
> > * That the mail was relayed by the IETF mailing list.
>
> Well, yes, but those are easy.  What's hard is demonstrating that the
> message that the list relayed is the same in a semantic sense as the
> message that Phill sent, even though it has the kind of changes that lists
> make, a tag in the subject line, a footer at the bottom, and attachments
> stripped.

Perhaps we should not be stripping attachments but encapsulating
the whole message with enough DKIM signed meta data to enable DKIM
processing to work at the far end after DKIM verifying the mailing
list input first.  This gives you a trust chain.

Add in a List-Label: <string> header to allow the MUA to insert it into
the displayed Subject: and a footer after the encapsulated message.
The latter should work immediately.

If list policy is not to have attachments then reject the submission
rather than strip the attachments.  If list policy is no text/html
then reject messages with text/html.

Mark

> See the last decade or so on the DKIM and now DMARC mailing lists for
> endless not very productive discussions about ways to describe permitted
> changes without also allowing vast amounts of spam and phishing, leavened
> by blithe assertions that mailing lists have been doing the wrong thing
> for 40 years and should never make any changes to messages at all.
>
> Regards,
> John Levine, johnl@xxxxxxxxx, Taughannock Networks, Trumansburg NY
> Please consider the environment before reading this e-mail.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@xxxxxxx
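
The encapsulation proposed in the message above, as an added example that is not part of the original post: it compares the DKIM body hash (`bh=`, simple canonicalization, RFC 6376) of a message after a list appends a footer in place against the same message carried untouched as a `message/rfc822` part. The sample message, footer, boundary and function names are constructed for illustration, `List-Label` is the header the message proposes, and the list's own DKIM signature over the wrapper is assumed and not shown.

```python
import base64
import hashlib
from email import message_from_bytes

# Constructed sample: the message as its author sent (and DKIM-signed) it.
ORIGINAL = (b"From: author@example.org\r\n"
            b"To: list@example.net\r\n"
            b"Subject: trust chain\r\n"
            b"\r\n"
            b"Body as signed by the author.\r\n")
FOOTER = b"_______________\r\nlist footer (constructed)\r\n"

def body_hash(raw: bytes) -> str:
    """bh= value: SHA-256 over the body, 'simple' canonicalization (RFC 6376)."""
    body = raw.split(b"\r\n\r\n", 1)[1] if b"\r\n\r\n" in raw else b""
    body = body.rstrip(b"\r\n") + b"\r\n"  # drop trailing empty lines, keep one CRLF
    return base64.b64encode(hashlib.sha256(body).digest()).decode()

def footer_in_place(raw: bytes) -> bytes:
    """What lists commonly do: append the footer to the author's own body."""
    return raw + FOOTER

def encapsulate(raw: bytes, label: str, boundary: str = "list-wrap-0001") -> bytes:
    """Carry the original bytes untouched as message/rfc822; footer is a sibling part."""
    b = boundary.encode()
    if b in raw:
        raise ValueError("boundary occurs in message; pick another")
    head = (b"List-Label: " + label.encode() + b"\r\n"  # header proposed in the thread
            b"MIME-Version: 1.0\r\n"
            b'Content-Type: multipart/mixed; boundary="' + b + b'"\r\n\r\n')
    return (head
            + b"--" + b + b"\r\nContent-Type: message/rfc822\r\n\r\n" + raw
            + b"\r\n--" + b + b"\r\nContent-Type: text/plain\r\n\r\n" + FOOTER
            + b"\r\n--" + b + b"--\r\n")

def unwrap(wrapped: bytes) -> tuple:
    """Receiver side: (List-Label, original bytes), sliced out without re-serializing."""
    outer = message_from_bytes(wrapped)
    delim = b"\r\n--" + outer.get_boundary().encode()
    part = wrapped.split(delim)[1]  # first body part, its MIME headers included
    return outer["List-Label"], part.split(b"\r\n\r\n", 1)[1]

if __name__ == "__main__":
    label, inner = unwrap(encapsulate(ORIGINAL, "ietf"))
    print("in-place footer keeps bh:", body_hash(footer_in_place(ORIGINAL)) == body_hash(ORIGINAL))
    print("encapsulated keeps bh:   ", body_hash(inner) == body_hash(ORIGINAL), "label:", label)
```

The receiver slices the inner message out by bytes rather than through the MIME parser's object model, since re-serializing headers could alter the bytes the author's signature covers.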