ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] Draft minutes...

2006-07-13 13:46:40
from [Scott Kitterman] [Permanent Link] 
On Thursday 13 July 2006 14:29, Tony Hansen wrote:

Scott, please reread the appeal response note more carefully. It does
not denigrate Resent-*, but acknowledges that rfc822/rfc2822-compliant
systems were not required to follow the practice. (It's marked as a
SHOULD requirement.) Consequently, a system can be compliant without
supporting Resent-*. However, *IF* a system supports that SHOULD (and
they should, of course, :-) ), then DKIM had better be able to handle it
properly



The appeal had multiple points.  One of which was that resent-* header fields 
were for information only and should not be automatically acted on:


2. Use Resent-* headers for automatic action, which is incompatible
with RFC2822



Ref: http://www.ietf.org/rfc/rfc2822.txt (section 3.6.6):



| Resent fields are
| strictly informational. They MUST NOT be used in the normal
| processing of replies or other such automatic actions on messages.



I take "automatic action" to include rejection and bouncing of messages
and draft-lyon-senderid-core-01 recommends when PRA address derived from
Resent- header is not authorized based on corresponding SPF record check,
then message is to be rejected by mail system in automated manner.


If the fields MUST NOT be used in processing on the receive side, what's the 
point in signing them?  While signing them surely doesn't hurt, I can't see 
how it should be required.

So, getting a back to your original point:


On Wednesday 12 July 2006 23:16, Tony Hansen wrote:

Resent-From: and Resent-Sender: would be signed only if present in the
header. It's perfectly legit for a forwarding system to add them (and
expected according to the specs), and if that forwarding server then
signs the message, those headers MUST be treated in the same category as
From: and Sender:.

All four of these headers should be treated as: if present, it MUST be
signed.


I think this is incorrect.  Resent-* are fundamentally different than 
From:/Sender:.

Scott K
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] drop requirement to sign "From" or other "originator" headers?, Dave Crocker
Next by Date:  Re: [ietf-dkim] Draft minutes..., Barry Leiba
Previous by Thread:  Re: [ietf-dkim] Draft minutes..., Tony Hansen
Next by Thread:  Re: [ietf-dkim] Resent-* handling (was: Draft minutes...), Eric Allman
Indexes:  [Date] [Thread] [Top] [All Lists]