MACE-MList call
8-March-2006

*Attendees*
Jill Gemmill, UAB (chair, scribe)
Neal McBurnett, Internet2
Paul Russell, Notre Dame
Serge Aumont, CRU
Olivier Salaun, CRU

[AI] serge will contact Steve Farrell (done)
[AI] Jill will recontact RL Bob for feedback

*Discussion*

Had anyone tested the version of LSOFT claiming to be DKIM compliant? Surprise expressed that pre-standard DKIM incorporated into a product already; Paul does plan to test it out but has not done so yet. It appears that the LSOFT solution is to use DKIM on a per list or per user level, but does not address the mailing list service; does this mean there are no common semantics for list-level DKIM?

Discussion of I2/NIST PKI meeting; unfortunately neither Jill nor Serge can go but Neal will be there. We encouraged Serge to send a note to Steve Farrell, who is organizing a DKIM panel at that meeting, to include at least one speaker who will emphasize the importance of the mailing list issue for DKIM - perhaps someone from Cisco or Yahoo. Everyone thought Serge's summary of the issues was quite useful & he has already contacted Steve with a pointer to those discussion points. To recap (a) is there agreement that there should be a MLM signature to prove that a message was relayed by a particular forwarder? (b) if yes, how should this be done? (has to do with removal of original signature or not -- certain people feel sending signature opens possibility for replay attack).

In IETF DKIM working group discussions, people go off on long threads about replay attacks and never get back around to what MLM's should do regarding signatures - this is an example of why a special meeting on the MLM topic might be in order. However, there is an IETF meeting sometime in March and perhaps some progress will occur at that meeting.

Sympa version 52b1, with the myVocs/Shibboleth patch, was posted to Sympa's CVS on March 7 and the release should be on their web site at this point.