ietf-dkim

Re: [ietf-dkim] Consensus point on ADSP

2009-04-03 11:23:42
On Wed, 01 Apr 2009 23:38:39 +0100, Jim Fenton <fenton(_at_)cisco(_dot_)com> wrote:

One more try to clarify things, then I'll stop trying.

Charles Lindsey wrote:

The existence of an ADSP record states that "If you see this domain in the
From: header of any email, you should expect to see also a valid signature
with this same domain in its d= (and maybe we also invite you to discard
it if such a signature is absent)".


Go look at draft-ietf-dkim-ssp-09.  It doesn't say anything about using
d= in this way; it requires a valid Author Signature.  See section 2.7
for the definition of Author Signature, which involves comparing the
From address and the i= address.

Ah! I stand corrected!

OTOH, that is not how the meaning of i= has been portrayed in recent
discussions of Dave's Errata. If, as the present RFC is alleged to state,
and Dave's Errata confirm, the i= tag is merely opaque information that
may be useful, but forms no essential part of the protocol beyond the fact
that it is there and the signature proves that it was there when
originally signed, then it follows that the ADSP draft is inconsistent
with the RFC.

In that case, one or the other needs to be changed, and the mood of recent
exchanges is that the RFC should be left alone (or confirmed by the
Errata), in which case ADSP needs to be changed. And we had better not
proceed any further until we have agreed on that.

So you're voting for the alternative that I posted the other day that
does the comparison with d= instead of i=.  Please correct me if I have
this wrong.

Yes, it would seem so. It certainly removes any confusion where the
signature applied by the mailing list also has to do double duty as the
Author Signature. Though it might be regarded as Best Practice for the
message to acquire two signatures in that case (likely with different i=
tags, but signed with the same key), just as would have happened if the
message for the list had arrived from some external domain that had
already supplied an Author Signature.



-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131                       Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
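As an added illustration (not part of the original post, nor code from any DKIM implementation), the following Python models the two Author Signature identity rules the thread contrasts: the draft-ietf-dkim-ssp-09 section 2.7 comparison of the Author Address with the signing address taken from i= (defaulting to "@" followed by d= when i= is absent), and the alternative Jim Fenton proposes, which compares the From domain with d= only and treats i= as opaque. The From value, domain names, selector and hash/signature placeholders are constructed; the code assumes the DKIM signature has already been cryptographically verified and models only the identity comparison that decides whether a Valid Signature counts as an Author Signature.

```python
"""Author Signature identity checks under the two rules discussed in the thread.

Constructed example. Signature verification (hash and RSA check) is assumed to
have already succeeded; only the identity comparison is modelled here.
"""
from email.utils import parseaddr
from typing import Dict


def parse_dkim_tags(header_value: str) -> Dict[str, str]:
    """Split a DKIM-Signature field value into its tag=value pairs.
    Folding whitespace inside a value is dropped, as the tag-list grammar permits."""
    tags: Dict[str, str] = {}
    for item in header_value.split(";"):
        if not item.strip():
            continue
        name, sep, value = item.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {item!r}")
        tags[name.strip()] = "".join(value.split())
    if "d" not in tags:
        raise ValueError("DKIM-Signature lacks the mandatory d= tag")
    return tags


def author_address(from_value: str) -> str:
    """Author Address: the addr-spec of the (single) From: header value."""
    _, addr = parseaddr(from_value)
    if "@" not in addr:
        raise ValueError("From: header carries no addr-spec")
    return addr


def signing_address(tags: Dict[str, str]) -> str:
    """Signing address under the i=-based definition: the i= tag if present,
    otherwise an empty local-part, '@', and the d= tag."""
    return tags.get("i", "@" + tags["d"])


def is_author_sig_by_i(from_value: str, tags: Dict[str, str]) -> bool:
    """ssp-09 section 2.7 style rule (as described in the thread): compare the
    signing address with the Author Address. With no local-part in i= only the
    domains must match; with a local-part the whole address must match."""
    author = author_address(from_value)
    signer = signing_address(tags)
    s_local, _, s_domain = signer.rpartition("@")
    a_local, _, a_domain = author.rpartition("@")
    if s_domain.lower() != a_domain.lower():
        return False
    return s_local == "" or s_local == a_local


def is_author_sig_by_d(from_value: str, tags: Dict[str, str]) -> bool:
    """Proposed alternative: compare the From domain with d= only; i= is opaque."""
    _, _, a_domain = author_address(from_value).rpartition("@")
    return tags["d"].lower() == a_domain.lower()


# Constructed scenario: a member whose address is at the list's own domain posts
# to the list, and the list software signs the message with its own key and an
# i= that names the list rather than the author.
FROM_FIELD = "Alice Example <alice@lists.example.org>"
LIST_SIG = ("v=1; a=rsa-sha256; c=relaxed/simple; d=lists.example.org; s=list2009;"
            " i=dkim-list-bounces@lists.example.org; h=from:to:subject:date;"
            " bh=BODYHASH_PLACEHOLDER; b=SIGNATURE_PLACEHOLDER")


def compare_rules(from_value: str = FROM_FIELD, sig_value: str = LIST_SIG) -> Dict[str, bool]:
    """Evaluate both rules against one From value and one DKIM-Signature value."""
    tags = parse_dkim_tags(sig_value)
    return {"i_rule": is_author_sig_by_i(from_value, tags),
            "d_rule": is_author_sig_by_d(from_value, tags)}


if __name__ == "__main__":
    print(compare_rules())  # the two rules disagree on the list's signature
```

In the constructed scenario the two rules diverge: under the i= rule the list's signature is not an Author Signature, because the local-part in i= differs from the author's, so the message would still need a separate author signature; under the d= rule the same signature does double duty, which is the ambiguity the reply above refers to.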
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html