ietf-dkim

[ietf-dkim] Issue 1519: SSP-01 Unnecessary constraint on i= when asserting "strict"

2008-07-04 05:49:03

Issue description: https://rt.psg.com/Ticket/Display.html?id=1519

Various threads.

The clearest message in that thread I can find is this:

Jim Fenton wrote:
To briefly summarize, I understand Doug's issue to be the question
of whether the local-part of an Author Address should be matched
against the i= value, if a local-part is present in i=.

SSP matches the local part if present
draft-levine-asp-00 matches only the domain part
Doug is suggesting a third alternative:  to match the Author Address
against the g= field in the key record used to verify the signature.

Doug, please verify that I understand the issue correctly before I
invest a lot of keystrokes in responding.

ssp-04 does include the local part if present, so the draft-levine
variant is off the table. I've not found a clear description of how
to use g= in the thread (that I could follow).

I suggest we close 1519 and (if necessary) Doug can send around
a new proposal specifying his g= based alternative to the paragraphs
of ssp-04 copied below.

If there's no further discussion of this, I'll ask Eliot to
close it on July 11.

S.

The text about i= in ssp-04 is:

    An "Author Signature" is any Valid Signature where the identity of
    the user or agent on behalf of which the message is signed (listed in
    the "i=" tag or its default value from the "d=" tag) matches an
    Author Address in the message.  When the identity of the user or
    agent includes a Local-part, the identities match if the Local-parts
    are the same string, and the domains are the same string.  Otherwise,
    the identities match if the domains are the same string.  Following
    [RFC2821], Local-part comparisons are case sensitive, domain
    comparisons are case insensitive.

    For example, if a message has a Valid Signature, with the DKIM-
    Signature field containing "i=a@domain.example", then domain.example
    is asserting that it takes responsibility for the message.  If the
    message's From: field contains the address "b@domain.example" and an
    ADSP query produces a "dkim=all" or "dkim=discardable" result, that
    would mean that the message does not have a valid Author Signature.
    Even though the message is signed by the same domain, it fails to
    satisfy ADSP.

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
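
The identity match described in the ssp-04 text quoted in the message above, written out as an added Python example (not part of the original message or of the draft). Function names and sample addresses are constructed; the signature is assumed to be already verified and the i= value already decoded.

```python
# Added illustration of the ssp-04 "Author Signature" identity match.
# All names and sample values here are assumptions, not taken from the draft.

def split_identity(identity):
    """Split 'local@domain' or '@domain' at the last '@' into (local, domain)."""
    local, sep, domain = identity.rpartition("@")
    if not sep or not domain:
        raise ValueError(f"not an identity: {identity!r}")
    return local, domain


def signing_identity(tags):
    """Return the i= value, or its default ('@' + d=) when i= is absent."""
    return tags.get("i") or "@" + tags["d"]


def is_author_signature(tags, author_address):
    """Compare one Valid Signature's identity with one Author Address."""
    sig_local, sig_domain = split_identity(signing_identity(tags))
    auth_local, auth_domain = split_identity(author_address)
    # Domain comparisons are case insensitive.
    if sig_domain.lower() != auth_domain.lower():
        return False
    # No Local-part in the identity: the domain match alone is enough.
    if sig_local == "":
        return True
    # Local-part present: it must be the same string (case sensitive).
    return sig_local == auth_local


# Constructed cases: (DKIM-Signature tags, Author Address, expected result)
CASES = [
    ({"d": "domain.example", "i": "a@domain.example"}, "b@domain.example", False),
    ({"d": "domain.example", "i": "a@domain.example"}, "a@DOMAIN.example", True),
    ({"d": "domain.example"}, "b@domain.example", True),
    ({"d": "domain.example", "i": "A@domain.example"}, "a@domain.example", False),
    ({"d": "domain.example", "i": "@sub.domain.example"}, "b@domain.example", False),
]


def evaluate_cases():
    """Return the match result for each constructed case, in order."""
    return [is_author_signature(tags, addr) for tags, addr, _ in CASES]


if __name__ == "__main__":
    for (tags, addr, expected), got in zip(CASES, evaluate_cases()):
        print(f"{signing_identity(tags):<24} {addr:<20} match={got} expected={expected}")
```

The first case is the draft's own example: a signature with i=a@domain.example does not count as an Author Signature for a From: address of b@domain.example, even though both are in the same domain.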
