Re: [ietf-dkim] Re: "I sign everything" yes/no
2006-11-23 08:23:03
On Wed, 22 Nov 2006 17:34:18 -0000, Hector Santos <hsantos(_at_)santronics(_dot_)com>
wrote:
Frank Ellermann wrote:
Hector Santos wrote:
I don't see whats so hard to understand about this.
I don't understand the definition of "my" in "all my mail is signed",
wrt mail without signatures (or unrelated signuters). What is "my" ?
Anything that's neither PRA nor MAIL FROM doesn't fly, and MAIL FROM
is out of scope. From that I conclude that "my" MUST mean PRA, is
that correct ?
Frank
No, MAIL FROM has nothing do with it and you (speaking in general) keep
talking about 821 stuff, then that only feeds unrelated nonsense SPF
talk to those who want to believe they discovered anything new about
whats wrong with SPF.
If writers of verifiers find it useful to use knowledge of the envelope
addresses, then they will do so, whatever we say. Those fighting spam
cannot do so with one hand tied behind their backs.
Its the 2822.FROM: that is "My" mail. That is the constant, consistent
frame work in every mail system, including gateways. The 2822.FROM is
the "connector' between what is WRITTEN and what is SHOWN.
On the contrary, it is the Sender header if present that should be the
decider, and only the From if Sender is absent. People keep ignoring the
fact that there can be several addresses in a From header (in which case
Sender is obligatory).
On top of that, the message might also be Resent, as Frank has pointed
out. Hopefully, the resender will have preserved the Signature put there
on behalf of the original Sender. If the Resender also "signs everything",
then an extra signature should be picked up there.
BTW, the bit in the base document that says the "From" MUST always be
signed is wrong. It should have been the Sender, and maybe any Resent-From
too. And that MUST is going to haunt us again when EAI happens, because
both From and Sender may well get changed in transit. Not clear how EAI is
going to get around that, but that obligatory From signing is not going to
make that job any easier.
Others, and they could be modern too, will process the mail after it is
received. At this point, the technology can not be dependent on any
2821 information being available to them.
On the contrary, the MAIL FROM should now be in the Return-Path, and then
it is a 2822 header and the verifier is allowed to look at it. So why
shouldn't it look at it before then?
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- [ietf-dkim] Re: ISSUE: Better definition of "DKIM signing complete" required, (continued)
- Re: [ietf-dkim] Re: ISSUE: Better definition of "DKIM signing complete" required, Eliot Lear
- [ietf-dkim] Re: ISSUE: Better definition of "DKIM signing complete" required, Frank Ellermann
- Re: [ietf-dkim] Re: ISSUE: Better definition of"DKIM signing complete" required, Hector Santos
- [ietf-dkim] Resend-cruft (was: ISSUE: Better definition of"DKIM signing complete" required), Frank Ellermann
- Re: [ietf-dkim] Re: ISSUE: Better definition of "DKIM signing complete" required, Charles Lindsey
- Re: [ietf-dkim] Re: ISSUE: Better definition of "DKIM signing complete" required, Stephen Farrell
- Re: [ietf-dkim] Re: ISSUE: Better definition of "DKIM signing complete" required, Charles Lindsey
- Re: [ietf-dkim] Re: "I sign everything" yes/no,
Charles Lindsey <=
- Re: [ietf-dkim] Re: "I sign everything" yes/no, Hector Santos
- Message not available
- Re: [ietf-dkim] Re: "I sign everything" yes/no, Hector Santos
- Message not available
- Re: [ietf-dkim] Re: "I sign everything" yes/no, Hector Santos
- Re: [ietf-dkim] Re: "I sign everything" yes/no, Charles Lindsey
- Re: [ietf-dkim] Re: "I sign everything" yes/no, Stephen Farrell
- [ietf-dkim] EAI + SSP status (was: "I sign everything" yes/no), Frank Ellermann
- Re: [ietf-dkim] Re: "I sign everything" yes/no, Hector Santos
- Re: [ietf-dkim] Re: "I sign everything" yes/no, Charles Lindsey
- [ietf-dkim] Re: "I sign everything" yes/no, Frank Ellermann
- Re: [ietf-dkim] Re: "I sign everything" yes/no, Hector Santos
|
|
|