On 13/Nov/11 06:51, Murray S. Kucherawy wrote:
> From: irtf.org On Behalf Of Paul Smith
>
>> If you have A -> B, then server B forwards to server C, C can't do any
>> authentication based on A, because A doesn't know about the forwarding
>> (or it would, presumably, just send to C directly).
>
> There's an alternative proposal under development.

Is participation open?

> B [...] applies an Authentication-Results (RFC5451) field. When it
> relays toward C, it DKIM-signs the augmented message first. When C
> gets it, it can use the contents of the Authentication-Results field
> that B added [...] There must, of course, be an out-of-band
> arrangement that C trusts what B claims already in place for this
> to work.

The out-of-band arrangement should be standardized so as to require
the final recipient's as the sole human intervention. Does this suit
that idea? http://fixforwarding.org/wiki/forwarding_agreement

> That's the theory. The specific mechanics and abuse defenses are
> still evolving. The term "transitive trust" is being batted around
> as a label for the concept. It's actually in production at a
> couple of large mailbox providers already.

A couple? I thought transitivity implied at least three :-/
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
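
The check discussed in the thread above, where C reuses B's Authentication-Results field only if B is on the recipient's trust list and B's DKIM signature covers that field, as an added example that is not part of the original messages. It assumes B's authserv-id equals its DKIM d= domain and that signature verification was already done by a real DKIM verifier; `forwarder.example` and the function names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample: B (forwarder.example, hypothetical) recorded its checks of
# A's message, then DKIM-signed it with Authentication-Results listed in h=.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; d=forwarder.example; s=sel1;
 h=from:to:subject:authentication-results; bh=PLACEHOLDER; b=PLACEHOLDER
Authentication-Results: forwarder.example; spf=pass smtp.mailfrom=author.example;
 dkim=pass header.d=author.example
From: alice@author.example
To: bob@final.example
Subject: forwarded

body
"""

def tags(value):
    """Parse a DKIM tag=value list into a dict, dropping folding whitespace."""
    pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
    return {k.strip(): "".join(v.split()) for k, v in pairs}

def inherited_results(raw, trusted, verified_domains):
    """Return the spf/dkim results C may reuse from trusted forwarders.

    trusted: forwarders covered by the out-of-band arrangement.
    verified_domains: d= domains whose signatures a DKIM verifier already
    validated (assumed input; no cryptography is performed here).
    """
    msg = message_from_string(raw)
    fields = msg.get_all("Authentication-Results", [])
    accepted = {}
    for sig in map(tags, msg.get_all("DKIM-Signature", [])):
        signer = sig.get("d", "").lower()
        if signer not in trusted or signer not in verified_domains:
            continue
        # h= names a field once per signed instance, counted bottom-up, so
        # only the last n Authentication-Results fields are covered.
        n = sig.get("h", "").lower().split(":").count("authentication-results")
        for ar in fields[-n:] if n else []:
            authserv, _, rest = ar.partition(";")
            # Assumption: B's authserv-id equals its DKIM d= domain.
            if authserv.lower().split()[:1] == [signer]:
                accepted.update(re.findall(r"\b(spf|dkim)=(\w+)", rest))
    return accepted
```

A field carrying B's authserv-id that was prepended after B signed falls outside the signed instances and is ignored, which is why the count in `h=` matters.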