On Jan 22, 2008, at 10:42 PM, Jim Fenton wrote:
The question of what qualifies as an Author Signature is a different
issue and we need to use the same definition in the multiple From
address case as in the single From address case. That is issue
#1519, and let's discuss it in the context of that issue.
Jim,
You are missing the point. The requirements created by the Author
Signature definition is breaking email semantics. This problem exists
whether the SSP process depends upon policy being obtained from the
first or all email-address domains within the From header. The
suggested solution was to have signatures with a domain at or above
the domain of the From address in question to provide "all" or
"strict" compliance. (An exception would need to be made only for g=
restricted keys.) By depending upon just the _domain_, a signature
could be on-behalf-of the Sender header, or any other header for that
matter, and provide SSP compliance. Basing compliance upon just the
domain avoids semantic problems created when a Sender entity
introduces the message, rather than the From entity.
I don't think that the specification should specify a limit on the
number of From address domains that should be checked, because RFC
2822 doesn't specify a limit. As a practical matter, some verifiers
may decide to impose their own limits, and I don't think that
introduces a problem with "interchange". SSP is really about giving
additional information to the verifier, and if they decide not to
avail themselves of all of the information available, that's up to
them (as is the decision whether they want to use SSP information at
all).
Whenever a verifier decides there are too many From domains to bother
discovering all the SSP records, it MUST treat this message as having
failed SSP compliance. Otherwise, additional From email-addresses
would be a means to bypass SSP policies. This also means you are
suggesting there be some undefined limit that might then cause email
to be rejected. Valid mail rejected as a result of an undefined limit
must be described as an interchange problem.
If the WG has the brass to say all From email-addresses should have
their SSP records discovered, the WG should also define a minimum
number of email-addresses where interchange is assure. EAI has
defined the use of two From addresses to permit alternative formats.
With the introduction of non-ASCII TLDs, these alternative formats
might become required, as ACE labels may not be displayed.
Set the From email-address minimum maximum at 2, 4, or 6. SSP policy
established by just the first domain without imposing a limit on the
number of From email-addresses would also be acceptable. Recipients
must understand what element of the message is being protected. This
protection is easier to explain as being for just the "first" email-
address domain. Saying the first two would make a signature
indication less informative.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html