[ietf-dkim] Corner cases and loose ends, was , draft-vesely-dkim-joint-sigs
John R. Levine
johnl at iecc.com
Mon Sep 27 08:07:41 PDT 2010
>> Good point. So it's two things, lists should sign outgoing mail, and
>> discard any incoming mail with dkim=discardable.
>
> No, they should reject the email at SMTP time. The email is NOT discardable
> when it arrives at the MLM. Rejection at SMTP time does no harm, and gives
> the sender an opportunity to fix the problem.
OK, so during the SMTP session, more particularly during the interval
between receiving the dot at the end of data and returning a status code,
my SMTP daemon needs to:
* identify recipient addresses that are mailing lists
* look for DKIM signatures in the message header
* find the From: address
* if there's a signature with a d= that matches the From: address, do the
calculations to generate the DKIM hash, fetch the key record from the DNS,
and see if it's good
* if there's not a good author signature, fetch the ADSP record and see
what it says
* if it says discardable, return 5xx
* otherwise return 2xx
That seems an awful lot of work to do with the connection open to deal
with what is unlikely to be more than a rare misconfiguration. When you
made these changes to your MTA, how much work was it? How much effect did
it have on overall MTA performance? If you haven't implemented them, why
not?
And since this group seems to be obsessed with arcane corner cases, what
do you do with a discardable message if it's sent to two addresses, one of
which is a mailing list and one of which isn't?
R's,
John
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2304 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mipassoc.org/pipermail/ietf-dkim/attachments/20100927/0fafa45f/attachment.bin
More information about the ietf-dkim
mailing list