ietf-dkim

Re: [ietf-dkim] DKIM verification actors

2006-04-21 11:00:03

----- Original Message -----
From: "Michael Thomas" <mike(_at_)mtcc(_dot_)com>
To: "DKIM Chair" <leiba(_at_)watson(_dot_)ibm(_dot_)com>

IMO, the problem here saying that MUA's can participate in
verification is a large rathole.

+1.  The standalone DKIM-ready MUA authors have all the information they
need (2822.Received: to get the MDA reception time).

They will have to tell users that frequent mail checking makes their software
work better, and they will also have to be aware that the mail between MDA
and MUA could break signatures and/or be converted/transformed messages.

There are many structural impediments with them reliably verifying signatures.
For one, many MDA's torture messages in very DKIM unfriendly ways. Like
sucking the attachments into a database and regenerating the mime on
output to the MUA. For a pretty large class of MUA/MDA mating, it's my
understanding that trying to get this to work is pretty much a fool's
errand.

+1.  We fall in this class. Users have Preserve MIME email options defining
how mail is converted into local format vs kept in raw MIME format.
Text/ANSI/VT100 (telnet) device users use the non-preserve format.  Web
users or POP3 users may use either/or, some turn it off to remove all HTML
based security issues, etc.

From my standpoint, I might see a design consideration:

    [X] Preserve MIME
        [X] Always for DKIM signed messages

and we can do this even with our full DKIM support. Just a little something
for the MUA maybe.

Thus a DKIM-verification-capable MxA:

1) MUST receive email in a form whose transformations fall within the
   acceptable set of modifications as defined in -base-nn (eg, canon, l=)

+1. This is basically saying if a DKIM-Signature: exists, then it needs to
comply.  No signature, it doesn't matter.

2) MUST perform the verification within the "transport window",
   typically 7 days.

If not considering MUAs, this part of the retention time is ok since it
covers SMTP retry strategy recommendations.   But if time for MUA is going
to be considered, then 7 days is probably too short.

3) MUST store the results of the verification process if results of the
   verification process will be used for some later process

+1.

---
Hector


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
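
Added example, not part of the original message or of any DKIM implementation: a Python sketch of the body-hash half of verification, showing that whitespace changes and an appended footer under l= stay inside the acceptable set while MDA MIME regeneration does not, with the check gated on the 7-day transport window taken from the Received: date. It assumes relaxed body canonicalization with SHA-256 as later standardized in RFC 6376; the message bodies, hostnames and function names are constructed for illustration, and header hashing and the signature check itself are left out.

```python
import base64, hashlib, re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

def relaxed_body(body: bytes) -> bytes:
    """Relaxed body canonicalization: collapse WSP runs, strip trailing
    WSP on each line, drop trailing empty lines."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ")
             for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes, length=None) -> str:
    """bh= value; `length` plays the role of the l= tag (canonical octets)."""
    canon = relaxed_body(body)
    if length is not None:
        canon = canon[:length]
    return base64.b64encode(hashlib.sha256(canon).digest()).decode()

def within_transport_window(received: str, now: datetime, days: int = 7) -> bool:
    """Compare the date after the last ';' of a Received: header with `now`."""
    _, sep, stamp = received.rpartition(";")
    if not sep:
        return False
    try:
        age = now - parsedate_to_datetime(stamp.strip())
    except (TypeError, ValueError):
        return False
    return timedelta(0) <= age <= timedelta(days=days)

def check_body(body, signed_bh, length, received, now) -> str:
    """Result string that a verifier would store for later processing."""
    if not within_transport_window(received, now):
        return "skipped: outside transport window"
    if body_hash(body, length) != signed_bh:
        return "fail: body hash mismatch"
    return "pass"

# Constructed sample data (not from the thread).
SIGNED = b"--b1\r\nContent-Type: text/plain\r\n\r\nHello  world \r\n--b1--\r\n"
REFLOWED = b"--b1\r\nContent-Type: text/plain\r\n\r\nHello world\r\n--b1--\r\n\r\n"
REGENERATED = b"--mda-42\r\nContent-Type: text/plain\r\n\r\nHello world\r\n--mda-42--\r\n"
FOOTER = b"-- \r\nlist footer\r\n"
RECEIVED = "from mx.example by mda.example; Fri, 14 Apr 2006 12:00:00 +0000"
L_TAG = len(relaxed_body(SIGNED))
BH = body_hash(SIGNED, L_TAG)
```
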
