[At-Large] Fw: Use of DKIM on at-large mailing list

[Olivier MJ Crepin-Leblond]

Hello everyone,

sorry for posting this here, but I sent the enquiry to the
at-large-owner address but received no reply, so I think this might
have gotten lost or ended up in /dev/null..
In short: DKIM/DomainKeys is incorrectly set-up for
atlarge-lists.icann.org

Warm regards,

Olivier

-- 
Olivier MJ Crepin-Leblond, Ph.D
Global Information Highway Ltd
http://www.gih.com/ocl.html


----- Original Message ----- 
From: "Olivier MJ Crepin-Leblond" <ocl at gih.com>
To: <at-large-owner at atlarge-lists.icann.org>
Sent: Wednesday, November 12, 2008 12:04 PM
Subject: Use of DKIM on at-large mailing list


> Hello there,
>
> I have noticed that you are using DKIM/DomainKeys on the at-large
> ICANN server.
> I think that it is great that you are embracing new technology. It
is
> also great that the server supports TLS.
>
> However, it appears that its implementation for domainkeys/DKIM on
the
> mailing list does not work correctly.
>
> At present:
>
> - messages which are DKIM-signed keep their DKIM signature and
> therefore FAIL when received, because the at-large mailing list adds
a
> footer (how to subscribe/unsubscribe), so the message has been
> tampered with
> - messages which are not DKIM-signed become signed by the
> atlarge-lists.icann.org server. However, there is no entry for
> default._domainkey.atlarge-lists.icann.org key in the DNS.
>
> What should really happen:
>
> - the atlarge-lists.icann.org server should recognise when a
domainkey
> is active & replace the incoming domainkey with its own domainkey if
> positive.
> - atlarge-lists.icann.org should have an entry in the ICANN DNS for
> its key under: default._domainkey.atlarge-lists.icann.org
>
> If you have any questions, don't hesitate to ask.
>
> Warm regards,
>
> Olivier
>
> -- 
> Olivier MJ Crepin-Leblond, Ph.D
> Global Information Highway Ltd
> http://www.gih.com/ocl.html
>