On Jun 13, 2008, at 1:17 AM, Charles Lindsey wrote:
On Wed, 11 Jun 2008 22:52:12 +0100, Douglas Otis <dotis(_at_)mail-
abuse.org>
wrote:
Disagree. Unlike DKIM (RFC4871) where use is self evident, a
practice assertion must declare which transport protocol is
covered. Otherwise it is impossible to discern specifically what
is being asserted. Are messages signed for SMTP, or NNTP, for
example.
But you still have not explained, despite being asked repeatedly,
how that question is to be answered for a particular message.
A Practice should be defined by its specification to cover specific
transport protocols when being asserted by transmitting domains. It
is unreasonable to suggest all transport protocols that might ever use
DKIM must employ DKIM at the same level before an ADSP assertion can
be made. When only SMTP messages uniformly employ DKIM, then defining
ADSP as only covering SMTP permits an assertion specific to messages
introduced by the domain over SMTP. The assertion would be silent as
to whether NNTP might employ DKIM, for example.
Discerning whether a message was "intended" to be carried by SMTP
remains a problem for receivers. NNTP messages might be converted
into messages transmitted over SMTP by third-party providers. Such
messages will not be in compliance with the domain's ADSP assertion.
ADSP non-compliance offers information to the receiver for grading
these messages. When a LOCKED assertion is made, then NTTP will
likely be dismissed. When a CLOSED assertion is made, NTTP messages
might be annotated instead.
If the message arrives at the Verifier via SMTP, is it an SMTP
message, or is it not? And if not, how is the Verifier supposed to
know?
That is an important aspect that must be weighed when assessing
messages. The ADSP draft should clearly warn that messages normally
carried by other transport protocols might be negatively impacted when
introduced into SMTP.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html