[ietf-dkim] Possible C14N incorporating MIME decoding
Dave Crocker
dhc at dcrocker.net
Fri Dec 8 14:32:20 PST 2006
Bill.Oxley at cox.com wrote:
> I would suggest that DKIM operates between the signing MTA and the edge
> boundary MTA of the receiving domain that is the certifier of DKIM
> signatures which may be a smart MUA but is more likely a filtering MTA
> at the ISP.
This is the sort of question that prompted me to add the construct of
Administrative Management Domain (ADMD) to the Internet Mail Architecture draft
<http://bbiw.net/specifications/draft-crocker-email-arch-05.html>

DKIM is envisioned as having signing done within an originating ADMD -- that is,
within a trust boundary associated with the author or at least with the author's
email posting service, and having validation done by a similarly-scoped
environment at the recipient end. (Validation by intermediaries is fine, but
hasn't been a focus.)

Exactly which host within an ADMD will do signing or validating is not
constrained by DKIM's design.

There are operational realities that will constrain the choices for many
ADMDs, but this is not a matter of DKIM design, but rather of handling (or
perhaps MIShandling) behaviors within the ADMD.

Any other statements about host choices are a matter of preference, rather than
need. That the statements might prove true doesn't make them less an
administrative choice.

So, yeah, a scenario that is viewed as highly likely is signing by the outbound
boundary MTA and validating by the inbound boundary MTA. Lots of good reasons
for doing that. None of them makes this scenario mandatory, however.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net