ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ietf-dkim] Resent-nit (was: Should DKIM drop SSP?)

2005-10-28 04:19:48
from [Frank Ellermann] [Permanent Link] 
Douglas Otis wrote:


Allow the DKIM SSP policy assertion be referenced from the
header associated with the domain that "introduced" the
message (Resent-Sender, Resent-From, Sender, or From), and
not the domain associated with the originator (From).


Terminology issue:  (2)822 uses "originator" for the set of
addresses found in From + Sender + Reply-To.  For From alone
they use the term "author".

I'm not sure what you mean by "introduced", is that something
like "injected into SMTP" ?  In that case neither From nor
Sender is necessarily related to the "injector", examples are
news2mail gateways or uucp2smtp relays.

While nobody has the guts to deprecate Resent-* as hopeless
it is defined in (2)822, mail territory not limited to SMTP.

So that's also not necessarily the "SMTP injector".  For SMTP
only a non-empty Return-Path is always related to the "SMTP
injector".
  
That doesn't match what you said, you mean something else by
"introduced".  Maybe "introduced to _any_ message transport
system (not limited to SMTP)" ?  Then From (and the obscure
Resent-From) are still not necessarily related to any entity
that "introduced" a message, if there's an explicit different
Sender or Resent-Sender.    

This subtlety caused an appeal (and maybe it will kill PRA),
it's also related to your and William's objections here, it
was a nightmare for MARID and mail-arch, a bug or omission
in 2476(bis) 8.1, an incompatiility between 822 and 2822, so
_please_ let's be very careful when we talk about it here.


The opaque-identifier could be an option readily available


IIRC Keith also favours that idea.  I prefer the "harden the
Return-Path" strategies, but obviously some folks are unwilling
to pay the price for that, and try to invent a new opaque
identifier protected by DKIM.  We won't know what's the better
strategy for many years.  All we can do here is get it right.

Apparently you think that some SSP ideas are for DKIM, what PRA
was for SPF, not good enough and unusable "in the real world".

I'm not sure, but "somebody said 'Resent'" is an indicator for
all kinds of ratholes.  Maybe we could avoid this by a decree,
exclude Resent- somehow from DKIM, or publish a guerilla draft
"updates 822 and 2822: Resent-* deprecated in favour of MIME".

With Resent-* removed from the picture it could be all simple.

                      Bye, Frank


_______________________________________________
ietf-dkim mailing list
http://dkim.org
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] Re: Should DKIM drop SSP?, Dave Crocker
Next by Date:  Re: [ietf-dkim] Should DKIM drop SSP?, Hector Santos
Previous by Thread:  Re: [ietf-dkim] Re: Should DKIM drop SSP?, Dave Crocker
Next by Thread:  Re: [ietf-dkim] Resent-nit (was: Should DKIM drop SSP?), Douglas Otis
Indexes:  [Date] [Thread] [Top] [All Lists]