ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] DKIM/ADSP edge case writeup at CircleID

2009-03-24 11:39:41
from [Hector Santos] [Permanent Link] 
MH Michael Hammer (5304) wrote:

I posted a write up on an issue with DKIM/ADSP and missing message-ids
at CircleID that might be of interest to people:
 
http://www.circleid.com/posts/20090323_exploring_dkim_adsp_edge_cases_mi
ssing_message_id/

I'm going to try to spend a little more time focusing on some of the
implementation "gotchyas" related to DKIM/ADSP for a while.

Mike



Michael,

It is bad practice for receiving software to be adding an originating 
header such as a Message-ID.  Especially, is this receiver software 
has gain some DKIM smarts (its active developed software).

The BCP for all exporting software to add the Messages-ID for its own 
tracing and dupe checking purposes.

Yes, the problem sometimes today with increase dumb mail creation 
software that only pushes out:

     From:
     To:
     Subject:
     Date:

and some that only do:

     To:
     Date:

with the presumption the exporting software will add the rest.

If the exporting software also has DKIM software, then it needs to be 
compliant here with 2822/5322.

But overall, I think this is just another issue regarding policy and 
domain mail expectations.

Just consider, even without DKIM, there is a POLICY idea where a 
receiver can check the From: domain for what is expected as far as 
level of mail compliants:

    v=ietf  rfc5322=required

That might means the standard headers are expected.

It might also have:

    v=ietf  rfc5322=required msgid=example.domain.com

which might say that the message-id RSH must have example.domain.com 
as the source.

We can further extend it to add ADSP support

    v=ietf  rfc5322=required msgid=example.domain.com dkim=all

Anyway, I am not quite sure if there an issue here with Message-ID 
because it is pretty well established.

The problem is protocol consistency.  The signer within the domain 
network needs to make sure it adds the missing headers.  And receivers 
really should not be adding one - especially if it is as you say, DKIM 
compliant.

-- 
Sincerely

Hector Santos
http://www.santronics.com


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] Reading the entrails, was Moving to consensus, HLS
Next by Date:  Re: [ietf-dkim] DKIM/ADSP edge case writeup at CircleID, Hector Santos
Previous by Thread:  [ietf-dkim] DKIM/ADSP edge case writeup at CircleID, MH Michael Hammer (5304)
Next by Thread:  Re: [ietf-dkim] DKIM/ADSP edge case writeup at CircleID, Hector Santos
Indexes:  [Date] [Thread] [Top] [All Lists]