[mail-vet-discuss] Auth-Results issues? #2 headerspec

Tony Hansen tony at att.com
Tue Mar 28 12:38:10 PST 2006


Arvel Hathcock wrote:
>> 4) Make the headerspec value a mailbox, domain or token. Which it is
>> would also to be specified in the authentication method specific
>> registration for a given method.
> 
> Would either of those options mean an update to (for example) the [AUTH]
> spec would be required to add this text?   Could we define something to
> use in the interim?

This document can certainly provide an initial registration for specific
authentication mechanisms already published as RFCs and deployed. So it
can and probably should provide a registration for SMTP AUTH. I guess it
could/should also define them for mechanisms that are in the
rfc-editor's queue, so that covers SPF and SenderID.

We could also consider this spec to be the place where the DKIM method
should be defined, but that's unclear. I don't know at this point
*where* the DKIM method will be defined otherwise.

All of this would be in the IANA Considerations section.

>> 2) Make the headerspec ptype a list of "smtp", "header" and "body".
> 
> How would you do PRA?
> 
> something like:  spf2/pra: pass header=foo at bar.com (Comments);

Other than "spf2/pra" being an illegal token? :-) It would need to be
something like "spf2.pra" or "sidf" or whatever.

Since PRA will use one of four headers as the one whose identify was
used, I would expect the headerspec to be one of

	header.resent-sender
	header.resent-from
	header.sender
	header.from

followed by the identity that came out of that header.

For example:

	spf2.pra=pass header.resent-from=user at example.org (Comments)

Make sense?

	Tony Hansen
	tony at att.com


More information about the mail-vet-discuss mailing list