Jim Fenton wrote:
Charles Lindsey wrote:
BUT IT DOESN'T!
If "people on this list" is referring to me, please say so. I do not
think as you assert that ADSP is keyed to the d= of the signature. That
wouldn't make sense, because ADSP has to function in the absence of any
[valid] DKIM signature.
Which includes a valid 3rd party signature? Correct?
So you're voting for the alternative that I posted the other day that
does the comparison with d= instead of i=. Please correct me if I have
this wrong.
It should be noted RFC 4871 already has an inherent protocol rule:
d= equals RHS of i= (or is a sub-domain of d=)
So the comparison is burned in for any DKIM verification
implementation to make, sans ADSP or not. if i= exist, per RFC 4871,
they have to match directly or by sub-domain.
Maybe some pseudo code might help here:
//
// DKIM (RFC 4871) RULE
//
if MSG.DKIM.I.Domain exist and
Not PrimaryDomainDomatch(MSG.DKIM.I, MSG.DKIM.D) then
Msg.DKIM.Status = INVALID
end if
//
// ADSP (RFC XXXX) RULE
//
select case( ASDP(MSG.From.Domain) )
case "DISCARDABLE":
if Msg.DKIM.Status = INVALID
OR MSG.From.Domain <> MSG.DKIM.D.Domain then
DiscardThisMessage()
end if
case "ALL":
if Msg.DKIM.Status = INVALID
OR MSG.From.Domain <> MSG.DKIM.D.Domain then
// UNDEFINED
end if
end select
So as you see, ADSP DKIM=DISCARDABLE gets the invalid status of the
DKIM d=, i= comparison failure. It doesn't need to compare the i
because DKIM already states what the format must be
--
Sincerely
Hector Santos
http://www.santronics.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html