[ietf-dkim] Issue: Deployment Guide Section 6.1/6.5 (ADSP/Forwader) conflict
chl at clerew.man.ac.uk
Thu Oct 15 04:02:59 PDT 2009
On Wed, 14 Oct 2009 13:31:48 +0100, hector <gmail.sant9442 at winserver.com>
> Charles Lindsey wrote:
>>> But what [if] its not there? DKIM=DISCARDABLE provides a Domain
>>> Policy that mail must be signed and valid.
>> If a valid signature is absent, then indeed the listadmin should discard
>> it (maybe even with 'ALL'). But the case of most interest is when the
>> message arrives with a valid signature. In that case, the listadmin
>> do his best to forward it, but what does he do if the list policy is to
>> munge? That is what we are discussing.
>> So he adds Authentication-Results and signs it. At least then the final
>> recipient can see that and decide to ignore the failure of the original
>> signature ("DISCARDABLE" or not), assuming he trusts the listadmin.
> It was decided in all the documents that have the semantics, and its
> there if you check it, that the ANCHOR for policy is the 5322.From
> IOW, we can't use a random AR header that can be forged for this. The
> From: is a traditional header that MUST be there and it represents the
> traditional constitution for the Authorship and Original Domain.
The reliability, or forgeabbility of what I am proposing is a matter we
can indeed discuss. But I would claim it is at least better than doing
nothing about this issue.
>> But if the final recipient sees that there was NO valid original
>> (nor any Authentication-Results in that case), then he should of course
>> Discard it (even if the original listadmin had not).
> The issue at hand as a I posted, is whether a intermediary
> (signer/resigner) which technically is also a receiver as well,
> SHOULD|MUST also follows the same rules all receivers is expected to do.
There is no SHOULD|MUST about what recipients do. At most, it is a matter
of Best Common Practice, which this WG might well choose to incorporate in
a BCP RFC. But what would such a BCP document say?
It might say that all invalid DISCARDABLE email "SHOULD" be discarded.
It might say that all invalid DISCARDABLE email "SHOULD" be marked as such
and sent on.
It might say that invalid DISCARDABLE email "SHOULD" be treated in some
different way if accompanied by a signed A-R record as I have suggested.
It might say that Listadmins "SHOULD" treat mail addressed to their list
just like any other recipient "SHOULD" treat it.
It might say that Listadmins "SHOULD", as a special case, take actions
different from other recipients (whether by adding A-R records, or
It might (or might not) make special recommendations for other forwarders,
such as acm.org.
None of these possibilities is, a priori, preordained. None of them is
contrary to anything currently on the Standards Track.
All of them are a proper subject of discussion, should this WG decide to
embark on such a BCP (and the misunderstandings repeatedly displayed here
seem to suggest that something of the sort is needed).
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
More information about the ietf-dkim