ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] Re: "I sign everything" yes/no

2006-11-22 10:45:40
from [Hector Santos] [Permanent Link] 
Frank Ellermann wrote:


Hector Santos wrote:

I don't see whats so hard to understand about this.


I don't understand the definition of "my" in "all my mail is signed",
wrt mail without signatures (or unrelated signuters).  What is "my" ?

Anything that's neither PRA nor MAIL FROM doesn't fly, and MAIL FROM
is out of scope.  From that I conclude that "my" MUST mean PRA, is
that correct ?

Frank
No, MAIL FROM has nothing do with it and you (speaking in general) keep talking about 821 stuff, then that only feeds unrelated nonsense SPF talk to those who want to believe they discovered anything new about whats wrong with SPF.
DKIM/SSP is 100% 2822 and the only thing close to the MAIL FROM is possibly the inclusion of the Sender: address in the hashing. This is not about SPF, PRA. (See more below)
Its the 2822.FROM: that is "My" mail. That is the constant, consistent frame work in every mail system, including gateways. The 2822.FROM is the "connector' between what is WRITTEN and what is SHOWN. 

That's it. No more, no less.
That said, for a system that might want employ 2821 and 2822 logic, for example, a domain may have an exclusive SPF policy and an exclusive DKIM/SSP policy. The RECEIVER will process 2821 first. SPF must pass first before it even gets to 2822, and when it goes to 2822, all 2821 logic has already been satisfied. However, if the 2821 fails, then DKIM/SSP does not even come into play.
Now, is there a tie-in? There is probably has logic to make a tie-in between the two. But I see them as completely separate and you need to keep it that way for 1 main reason: 

     - Dynamic SMTP processing vs Post SMTP processing
A more modern system will in be able to process DKIM/SSP at the transient level (at the DATA stage). Here this framework has a greater chance of having some "tie-in" logic.
Others, and they could be modern too, will process the mail after it is received. At this point, the technology can not be dependent on any 2821 information being available to them.
So in short. DKIM/SSP is 100% 2822. It can not be dependent on any 2821 information. 

---
HLS

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [ietf-dkim] Re: "I sign everything" yes/no, Frank Ellermann
Next by Date:  RE: [ietf-dkim] "I sign everything" yes/no, Hallam-Baker, Phillip
Previous by Thread:  [ietf-dkim] Re: "I sign everything" yes/no, Frank Ellermann
Next by Thread:  [ietf-dkim] ISSUE: Better definition of "DKIM signing complete" required (was: "I sign everything" yes/no), Frank Ellermann
Indexes:  [Date] [Thread] [Top] [All Lists]