[ietf-dkim] Re: ISSUE: Better definition of "DKIMsigning complete" required

[Hector Santos]

>> Direction #1 - incoming EMAIL

> Sure. Gatewaying dkim-signed stuff *from* email is no problem.

Agreed.

>> Direction #2 - outgoing, replies to support questions
>>
>> If posting via the RFC NEWSREADER, the NNTP Server will transform the 
>> NNTP article to EMAIL.
>> .....
>> In either case, the SMTP outgoing process will now DKIM sign the message.

> That certainly sounds like one way of tackling the problem. Others that 
> have been suggested are to treat it as a Resend, which again probably 
> involves (re)signing it. Another is to assert that people whose email 
> addresses are within an "always signed" domain MUST NEVER post to Usenet - 
> someow I cannot see that one flying. Another is to dkim-sign the original 
> news articles from that domain (which might well be the best solution, but 
> is way beyond out remit to try to specify it).

> So what other methods might there be?
>
> The point here is that the two never mixed up.  DKIM is done on the  email 
> side.

> Exactly. This is what I have been trying to tell you for the past several 
> days,

I believe I quoted, "Never the twain shall meet."  from the get-go.

>> but you always come back to raising Red Herrings such as:
>>
>> Now this is where it really gets hairy.
>>
>> What if we want the NNTP processor to DKIM sign the message?

> because NOBODY (except yourself) has ever suggested doing such a thing. 
> Forget it, and stop muddying the waters.

I'm sorry Charles, but I am not in a habit of doing an "half-ass" design 
work.  Its not in my nature and since we do have a product in this area, I 
probably do have an "advantage" of seeing more issues than you probably do.

If you want a NEWS/EMAIL gateway support, then there I don't see you getting 
getting very far with support for this without considering the NNTP posting 
issues which does include  the concept of NNTP servers creating signed mail 
in order to handle the NEWS ONLY MUA market.

---
HLS