On Tue, 15 Apr 2008 21:19:40 +0100, Douglas Otis
<dotis(_at_)mail-abuse(_dot_)org>
wrote:
On Apr 15, 2008, at 4:09 AM, Charles Lindsey wrote:
But how do you know which protocol the message was written for?
If it arrives at your site via SMTP, then you should apply the ADSP
rules appropriate to SMTP. If it actually started life being
transported by XXTP, then you just have to assume that the XXTP to
SMTP gateway had fixed it up (e.g by not letting it through at all
if it was going to violate someone's policy).
Actually, we are looking at the wrong question.
Any RFC 2822 message might be signed (or not). But the <addr-spec>s in RFC
2822 contain "domain"s, and I think that there is an inbuilt presumption
that these are "domains" as understood throughout the internet, and can
therefore be expected to be found in the DNS. TYhat is quite separate from
the fact that they might be sent via protocols other than SMTP.
For example, a pure UUCP message would have a From header like
From: foo!bar!baz
in which case it is not an RFC2822 message at all. Likewise a pure X.400
message.
SMTP only defines "MAIL FROM" as an SMTP suitable email-address.
Email-addresses contained within the RFC2822 headers may adopt
different regimes pertaining to different address resolution or
transport protocols. In addition, DKIM is not limited to an email
address suitable for SMTP. One might assume any email-address signed
by DKIM is suitable with SMTP. However, a transport protocol
transition will likely involve transport conversion gateways.
And we have to presume that the conversion gateway did the "right thing"
with the From headers.
Moreover, the problem is worse than that. Suppose the From header was
From: A,B,C,D
where A and B might be reachable via SMTP and C and D not so. And it might
have
To: E,F,G,H
where E and F were reachable via SMTP but not G and H.
Now, suppose you are the verifier at E (so it arrived via SMTP, and had
perhaps been SMTP all along). You want to know whether it should have been
signed by C and D.
Your move!
For example, assume XXTP uses a different discovery method from that
of SMTP. To clarify a protocol dependence, email-addresses using a
new protocol might include a postfix label of 'xxtp', such as
"jon(_dot_)doe(_at_)example(_dot_)com(_dot_)xxtp
It might. And then again it might not.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html