[ietf-dkim] Author Signature vs. Author Domain Signature / Internal vs External threats
Hector Santos
hsantos at santronics.com
Fri Apr 3 01:01:49 PDT 2009
Dave CROCKER wrote:
>
> Jim Fenton wrote:
>> Dave CROCKER wrote:
>>> ps. That includes dropping the "ADSP is incompatible" note.
>>>
>> If you mean the note that I included in the alternative text that I
>> posted, I disagree. Parent domain signing is a technique described in
>> RFC 4871. If it can't be used with ADSP because ADSP compares against
>> the d= value rather than the domain part of i=, then that limitation
>> should be pointed out in an informative note so that domains don't get
>> stung by setting up parent domain signing and then find that ADSP
>> doesn't do what they expect.
>
>
> First, this is one of the simplifications we get by the change that the working
> group agreed to, with the RFC4871 Update about to be formally approved, and with
> the use of SDID, rather than AUID, in ADSP: the issue of a "parent" disappears.
> All that is left is the more general question of deciding how to distinguish
> among outgoing mail streams with different SDID values.
>
> Second, either the d= matches the domain in the rfc5322.From field, or it
> doesn't. There is no complexity or subtlety to the test, so there are no
> "implications" that need to be pointed out.

So are you saying this is the new problem (3rd party) that needs a
solution?
--
Sincerely
Hector Santos
http://www.santronics.com
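
Added example, not part of the original thread: a sketch of the d= (SDID) versus i= (AUID) comparison discussed in the quoted text, applied to a parent-domain signature. The header values are constructed samples, the function names are hypothetical, and the signature is assumed to have already passed DKIM verification.

```python
# Added illustration. All header values are constructed samples and the
# signatures are assumed to have already passed DKIM verification.
from email.utils import parseaddr


def parse_tags(sig_value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            name, _, value = part.partition("=")
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags


def domain_of(address):
    """Lower-cased text after the last '@' of an address."""
    return address.rpartition("@")[2].lower()


def compare(from_header, sig_value):
    """Return (sdid_match, auid_match) against the rfc5322.From domain.

    sdid_match is the exact d= comparison described in the thread;
    auid_match is the comparison against the domain part of i=.
    """
    tags = parse_tags(sig_value)
    author_domain = domain_of(parseaddr(from_header)[1])
    sdid = tags["d"].lower()
    # RFC 4871: an absent i= defaults to "@" followed by the d= value.
    auid_domain = domain_of(tags.get("i", "@" + sdid))
    return sdid == author_domain, auid_domain == author_domain


# Parent-domain signing: d= is the parent, i= names the subdomain.
PARENT_SIG = ("v=1; a=rsa-sha256; d=example.com; s=sel;\r\n"
              " i=@sales.example.com; h=from:subject; bh=SAMPLE; b=SAMPLE")
# Signing with the author's own domain; no i= tag present.
EXACT_SIG = "v=1; a=rsa-sha256; d=sales.example.com; s=sel; h=from; bh=SAMPLE; b=SAMPLE"

if __name__ == "__main__":
    for label, sig in (("parent", PARENT_SIG), ("exact", EXACT_SIG)):
        print(label, compare("Alice <alice@sales.example.com>", sig))
```

With the parent-domain signature the d= comparison fails while the i= comparison succeeds, which is the case the proposed informative note was meant to flag.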