Jim Fenton wrote:
Dave CROCKER wrote:
ps. That includes dropping the "ADSP is incompatible" note.
If you mean the note that I included in the alternative text that I
posted, I disagree. Parent domain signing is a technique described in
RFC 4871. If it can't be used with ADSP because ADSP compares against
the d= value rather than the domain part of i=, then that limitation
should be pointed out in an informative note so that domains don't get
stung by setting up parent domain signing and then find that ADSP
doesn't do what they expect.
First, this is one of the simplifications we get by the change that the working
group agreed to, with the RFC4871 Update about to be formally approved, and
with
the use of SDID, rather than AUID, in ADSP: the issue of a "parent"
disappears.
All that is left is the more general question of deciding how to distinguish
among outgoing mail streams with different SDID values.
Second, either the d= matches the domain in the rfc5322.From field, or it
doesn't. There is no complexity or subtlety to the test, so there are no
"implications" that need to be pointed out.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html