ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Re: ISSUE: Better definition of "DKIM signing complete" required

2006-11-24 14:34:56
On Fri, 24 Nov 2006 13:07:40 -0000, Hector Santos <hsantos(_at_)santronics(_dot_)com> wrote:

Direction #1 - incoming EMAIL

If the original EMAIL is DKIM signed, then our SMTP processor will validate it. Once validated, our gate will move it into the "support" conference/newsgroup.

Sure. Gatewaying dkim-signed stuff *from* email is no problem.

Direction #2 - outgoing, replies to support questions

If posting via the RFC NEWSREADER, the NNTP Server will transform the NNTP article to EMAIL.

Yes, that is the interesting case. A news2email gateway is, from the POV of this WG, just another agent for generating emails (and as such it is on topic if it raises special problems). The fact that it came from NNTP is an irrelevance, *except* insofar as it may introduce an unsigned message whose From/Sender/whatever is from a domain that claims to sign everything. That is something we may need to worry about.

In either case, the SMTP outgoing process will now DKIM sign the message.

That certainly sounds like one way of tackling the problem. Others that have been suggested are to treat it as a Resend, which again probably involves (re)signing it. Another is to assert that people whose email addresses are within an "always signed" domain MUST NEVER post to Usenet - someow I cannot see that one flying. Another is to dkim-sign the original news articles from that domain (which might well be the best solution, but is way beyond out remit to try to specify it).

So what other methods might there be?

The point here is that the two never mixed up. DKIM is done on the email side.

Exactly. This is what I have been trying to tell you for the past several days, but you always come back to raising Red Herrings such as:

Now this is where it really gets hairy.

What if we want the NNTP processor to DKIM sign the message?

because NOBODY (except yourself) has ever suggested doing such a thing. Forget it, and stop muddying the waters.

--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131     Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>