[ietf-dkim] #1398 (was: Today's jabber notes...)
Frank Ellermann
nobody at xyzzy.claranet.de
Thu Mar 1 13:07:02 PST 2007
Michael Thomas wrote:
> We need to define at least one binding between a DKIM signature
> and an outside 2822 origination address. I think there's pretty
> good agreement that 2822.From is a very interesting address.
So far that's decided in -base, for a present (valid) signature.
> The question you raise, I think, is whether there are other
> addresses like Sender, etc.
My question is about mails without (valid) signature.
> nothing prevents you from doing an SSP lookup on any address or
> domain that you desire, so at some level you are accommodated.
No, it's not obvious what it means if the 2822-From domain claims
to sign all mails, and the Resent-From domain makes no statement.
> Does there really need to be anything more formal at this point?
Yes, receivers need to know that those obscure Resent-* cases, or
more likely Sender cases exist, they are permitted in 2822 mail.
If the sender (or resender) did nothing wrong, the 2822-From SSP
MUST be ignored. Maybe for pure mail scenarios we could get away
with a "if there was a valid signature you're suppoosed to keep
it as resender (or sender)" strategy, but that's not good enough
for cases like news2mail.
> I hope not because it likely a deep rathole that in the end isn't
> too likely to change anything in the protocol itself
An attempt to finish off Errors-To "officially" is on its way (*).
Anything related to "PRA" is messy, but hand-waving does not help.
I'd love it if somebody could decree that Resent-* is confusing +
unnecessary + harmful + obsolete (pick all :-), but it just won't
happen before ssp-requirements-03.
Frank
*: <http://permalink.gmane.org/gmane.ietf.message-headers/35>
More information about the ietf-dkim
mailing list