[ietf-dkim] comments on draft-ietf-dkim-mailinglists-02
chl at clerew.man.ac.uk
Fri Sep 17 06:22:16 PDT 2010
In the course or preparing my draft-lindsey-dkim-mailinglists-00 I cam
across various other issues not directly related to my proposal.
3.1. Roles and Realities
AIUI the Verifier is the entity that examines signatures, looks up ADSP
policies, etc, and reports what it found (or didn't find).
And the Receiver is the entity that receives the message and the report
and decides what to do with it (e.g. to discard it).
At least your document seems to be written on that assuption, but does not
use it consistently. For example, there are places where you discuss the
_verifier_ discarding things (e.g. in 4.3 para 3, 5.2 para 2), but in 5.10
it is clearly the receiver that does the final discard/accept decision.
Please can you make the terminology consistent, and also add taking such
action to the duties of the receiver in 3.1.
3.3. Current MLM Effects On Signatures
Major body changes: ... such as deleting, reordering, or reformatting
5.5. Verification Outcomes at MLMs
In the case of verification of signatures on subscriptions, MLMs are
advised to add an [AUTH-RESULTS] header field to indicate the
signature(s) observed on the submission as it arrived at the MLM and
what the outcome of the evaluation was.
Don't undertstand this. Do you mean "verification of signatures by
5.6. Pros and Cons of Signature Removal
This section gives the 'pros', but it gives no 'cons'. Either change the
heading, or add (after the paragraph "Removing the original
sugnature(s)...") something like:
Alternatively, it is arguable that step 4 (removal of previously evaluated
signatures) should be omitted on the grounds that it could be useful for
forensic purposes (it is never a good idea to destroy possibly useful
evidence) and that it only causes problems when the receiver has already
broken the DKIM specification. Actually, a sensible compromise might be to
replace that signature with a matching X-Old-Signature.
5.8. Verification Outcomes at Final Receiving Sites
In general, verifiers and receivers can treat a signed message from
an MLM like any other signed message; indeed, it would be difficult
to discern any difference.
s/any difference/any difference unless some appropriate List-* header
field has been provided/
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
More information about the ietf-dkim