ietf-dkim

Re: [ietf-dkim] Re: "I sign everything" yes/no

2006-11-23 08:23:03
On Wed, 22 Nov 2006 17:34:18 -0000, Hector Santos <hsantos(_at_)santronics(_dot_)com> wrote:

Frank Ellermann wrote:

Hector Santos wrote:

I don't see what's so hard to understand about this.
 I don't understand the definition of "my" in "all my mail is signed",
wrt mail without signatures (or unrelated signatures).  What is "my" ?
 Anything that's neither PRA nor MAIL FROM doesn't fly, and MAIL FROM
is out of scope.  From that I conclude that "my" MUST mean PRA, is
that correct ?
 Frank

No, MAIL FROM has nothing to do with it and you (speaking in general) keep talking about 821 stuff, then that only feeds unrelated nonsense SPF talk to those who want to believe they discovered anything new about what's wrong with SPF.

If writers of verifiers find it useful to use knowledge of the envelope addresses, then they will do so, whatever we say. Those fighting spam cannot do so with one hand tied behind their backs.

It's the 2822.FROM: that is "My" mail. That is the constant, consistent framework in every mail system, including gateways. The 2822.FROM is the "connector" between what is WRITTEN and what is SHOWN.

On the contrary, it is the Sender header if present that should be the decider, and only the From if Sender is absent. People keep ignoring the fact that there can be several addresses in a From header (in which case Sender is obligatory).

On top of that, the message might also be Resent, as Frank has pointed out. Hopefully, the resender will have preserved the Signature put there on behalf of the original Sender. If the Resender also "signs everything", then an extra signature should be picked up there.

BTW, the bit in the base document that says the "From" MUST always be signed is wrong. It should have been the Sender, and maybe any Resent-From too. And that MUST is going to haunt us again when EAI happens, because both From and Sender may well get changed in transit. Not clear how EAI is going to get around that, but that obligatory From signing is not going to make that job any easier.

Others, and they could be modern too, will process the mail after it is received. At this point, the technology can not be dependent on any 2821 information being available to them.

On the contrary, the MAIL FROM should now be in the Return-Path, and then it is a 2822 header and the verifier is allowed to look at it. So why shouldn't it look at it before then?

--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131     Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
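
The header-selection rule argued for in the reply above (Sender decides when present, From only when Sender is absent, a resender counts as a second identity, and Return-Path is readable as an ordinary 2822 header), sketched as an added example that is not part of the original message or of any DKIM specification. The function name, the result fields, the `policy_domains` idea and the sample messages are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

def _addrs(msg, name):
    """Bare lower-cased addresses from every occurrence of header `name`."""
    return [a.lower() for _, a in getaddresses(msg.get_all(name, [])) if a]

def responsible_identities(raw):
    """Sender decides when present, From only when Sender is absent;
    a resender is a second identity whose signing claim also applies."""
    msg = message_from_string(raw)
    sender, from_ = _addrs(msg, "Sender"), _addrs(msg, "From")
    out = {"author": None, "resender": None, "return_path": None, "problems": []}
    if sender:
        out["author"] = sender[0]
    elif len(from_) == 1:
        out["author"] = from_[0]
    elif from_:
        # RFC 2822 section 3.6.2: several From mailboxes require a Sender
        out["problems"].append("multiple From addresses without Sender")
    else:
        out["problems"].append("no From header")
    # Resent-Sender takes precedence over Resent-From, mirroring the rule above
    # (simplification: multiple resent blocks are not told apart)
    resent = _addrs(msg, "Resent-Sender") or _addrs(msg, "Resent-From")
    out["resender"] = resent[0] if resent else None
    # After delivery MAIL FROM is recorded in Return-Path, an ordinary header
    rpath = _addrs(msg, "Return-Path")
    out["return_path"] = rpath[0] if rpath else None
    # Domains whose "I sign everything" claim a verifier would check (assumption)
    out["policy_domains"] = [i.split("@")[-1] for i in (out["author"], out["resender"]) if i]
    return out

# Constructed sample messages (not taken from the thread)
JOINT = "\n".join([
    "Return-Path: <bounce@example.org>",
    "From: Alice <alice@example.org>, Bob <bob@example.org>",
    "Sender: Office <secretary@example.org>",
    "Subject: joint note", "", "body"])
NO_SENDER = JOINT.replace("Sender: Office <secretary@example.org>\n", "")
RESENT = "\n".join([
    "Resent-From: carol@example.net",
    "From: dave@example.com",
    "Subject: fwd", "", "body"])

if __name__ == "__main__":
    for sample in (JOINT, NO_SENDER, RESENT):
        print(responsible_identities(sample))
```
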
