ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Re: ISSUE 1525 -- Restriction to posting by first Author breaks email semantics

2008-01-17 15:43:34

On Jan 17, 2008, at 2:01 PM, Jim Fenton wrote:

Dave Crocker wrote:

Yes, but suppose that the Sender header were used only when the domain found therein matched one of those in the From.

I'm still missing a suggestion for what we use when the Sender header field does not match any of the addresses in the From. Do we then revert to First Author? All Authors?

Establishing compliance is a separate matter from that of establishing policy.

If the DKIM WG adopts John Levine's suggestion, then all From domain policies would need to be obtained. If the "first author" policy strategy is retained, only the From domain policy of the first email- address would be obtained.

Policy compliance for a From domain expressing either "all" or "strict" would require a signature from that domain, irrespective of the "on-behalf-of" header assertion. An exception might be made for g= restricted keys, but again the WG would need to decide this as well. IMHO, there should be an exception made for restricted keys.

Depending upon how restricted keys are handled, there might be a need to obtain the policy of the signing domain when "all" or "strict" assertions are intended to invalidate these signatures and when the domain is not present within the From header. The signing domain might be associated with any header, or no header at all. It could be the Sender header. It could be simpler to say g= restricted keys should only sign on-behalf-of a From email-address domain.

-Doug

_______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>