[ietf-dkim] Proposal: Removal of AUID (i= tag/value)
Charles Lindsey
chl at clerew.man.ac.uk
Fri Apr 8 04:38:56 PDT 2011
On Thu, 07 Apr 2011 16:44:56 +0100, Steve Atkins <steve at wordtothewise.com> wrote:
> On Apr 7, 2011, at 5:13 AM, Charles Lindsey wrote:
>> E.g. DKIM-Signature: v=1; d=corp.example.com; <blah>;
>> tx="birthdate=1970-02-24"
>>
>> or DKIM-Signature: v=1; d=corp.example.com; <blah>;
>> tx="signed by List Expander"
>>
>> I suppose such a tag would have to be an extension to avoid recycling at
>> Proposed.
>
> It's not machine readable and has no semantics - so a sender who just
> wants to stash human readable trace or advertising content (a-la
> User-Agent) could use a 5322 field just as well, possibly the "Comments".
Yes, I thought of that. But my intent was that at least this tag would be
reported in any Authentication-Results header, and that header is normally
the first place people will look to resolve suspicions concerning
signatures. Essentially, it is for human interpretation, but good luck to
anyone who finds some way to use it automatically.
The 'i=' tag is in a similar state. For sure it is useful to have some
signed indication of who the actual author was (in situations where the
signer can be sure of that). That was what 'i=' was supposed to achieve,
but its semantics are a bit too weak for that. Nevertheless if (as seems
to be the case) it is shown in the Authentication-Results it would have
some value for humans (and even for automata when used with care).
In practice, there are three usages which seem to be common; are there
others?
1. From = Alice at whatever i=sales.example.com d=example.com
2. From = Alice at example.com i=sales at example.com d=example.com
3. From = Alice at example.com i=bob at example.com d=example.com
1. Gives some clue, and avoids a different key for the sales subdomain.
2. Is fine, but don't expect sales at example.com to be a working email address.
3. Is a cause for suspicion, but it takes a human to realise the distinction between "bob" and "sales".
So my inclination is to leave 'i=' there. It is currently used, and will
continue to be used even if we remove it. It is not actually broke - just
not quite fit for purpose.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
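The three i=/d=/From usages listed in the message, as an added example (not code from the thread or any DKIM implementation): a small tag-list parser and a classifier that does the mechanical part of the triage a reader of Authentication-Results would do by eye. Function names, the return labels, and the treatment of an i= value without "@" as the "domain only" usage 1 are assumptions of this example.

```python
import re

def parse_dkim_tags(header_value: str) -> dict:
    """Minimal RFC 6376 tag=value parser; folding whitespace inside values is dropped."""
    tags = {}
    for item in header_value.split(";"):
        item = item.strip()
        if not item:
            continue
        name, _, value = item.partition("=")
        tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def split_addr(addr: str):
    # rpartition leaves the whole string in the last slot when there is no "@"
    local, _, domain = addr.rpartition("@")
    return local.lower(), domain.lower()

def is_same_or_subdomain(sub: str, parent: str) -> bool:
    return sub == parent or sub.endswith("." + parent)

def classify_auid(from_addr: str, dkim_header: str) -> str:
    """Relate the AUID (i=) to the SDID (d=) and the From address.
    Labels are this example's own: usage 1 -> "domain-only",
    usages 2 and 3 -> "local-part-differs" (a machine cannot tell
    a role name like "sales" from another user like "bob")."""
    tags = parse_dkim_tags(dkim_header)
    sdid = tags.get("d", "").lower()
    if "i" not in tags:
        return "no-auid"            # verifier would assume "@" + d= (RFC 6376 default)
    i_local, i_domain = split_addr(tags["i"])
    f_local, f_domain = split_addr(from_addr)
    if not sdid or not is_same_or_subdomain(i_domain, sdid):
        return "invalid"            # i= domain must equal d= or be a subdomain of it
    if not i_local:
        return "domain-only"        # usage 1: i=sales.example.com, d=example.com
    if i_local == f_local and i_domain == f_domain:
        return "matches-from"       # signer vouches for the visible author
    if i_domain == f_domain:
        return "local-part-differs"  # usages 2 and 3: needs a human to judge
    return "other"
```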