Douglas Otis wrote:
> On Apr 3, 2009, at 3:30 PM, DKIM Chair wrote:
>> 1. On the content, we hashed out a few things that needed tweaking,
>> and Dave has already posted about these. The response looks good.
>> The chairs note that Dave's proposed changes have rough consensus.
>> We understand that Dave has a new draft with the current version of
>> those changes ready to go. Since the changes have already been
>> agreed to, we think we do not need an explicit Working Group Last
>> Call on it.
> Is this an errata? What is the rush? Why prevent the WG from
> commenting on finalized changes? It is not clear what now represents
> "agreement" or "consensus". Excluding any WG input might be overly
> optimistic.
It's called Consensus by Osmosis. There is just too much drama here. :-)
Anyway, FWIW, I have one nit regarding the original message submitter
------------------
6. RFC4871 Section 2.9 Signing Domain Identifier (SDID)
A single domain name that is the mandatory payload output of DKIM
and that refers to the identity claiming responsibility for
introduction of a message into the mail stream.
------------------
The SDID is not necessarily the identity for introducing a message
into a mail system. An AUTHOR can introduce/submit a message and
unbeknownst to him during the router/relay process, it may sign it,
resign it, or not. The process is not the originating submitter.
Suggestion: Add one single word:
A single domain name that is the mandatory payload output of DKIM
and that refers to the identity claiming responsibility for
introduction of a SIGNED message into the mail stream.
Background:
Example, using my junk gmail.com account:
sant9442(_at_)gmail(_dot_)com
At gmail.com web online setup, I have added a 2nd account to it:
gmail-sant9442(_at_)winserver(_dot_)com
I own winserver.com.
From my Thunderbird MUA, I can send email to gmail.com via port 587.
From: gmail-sant9442(_at_)winserver(_dot_)com
To: boss(_at_)beta(_dot_)winserver(_dot_)com
Press SEND, gmail gets it and routes it to the boss.
When I get the mail at our beta.winserver.com site, the message source
has this:
DKIM-Signature: d=gmail.com; s=gamma; ....
Return-Path: <sant9442(_at_)gmail(_dot_)com>
Sender: HLS <sant9442(_at_)gmail(_dot_)com>
Message-ID: <49D76C81(_dot_)7090903(_at_)winserver(_dot_)com>
From: hector <gmail(_dot_)sant9442(_at_)winserver(_dot_)com>
To: boss(_at_)beta(_dot_)winserver(_dot_)com
I am introducing the message into the mail stream. Not GMAIL. This is
clearly identified by the Message-id:. The author is always the
responsible party for the message. The identity that submits it is
generally not going to be the signer process unless it's a MUA doing
the signing.
At best, we can say that the SDID is responsible for introducing the
SIGNED message.
--
Sincerely
Hector Santos
http://www.santronics.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
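
Added example, not part of the original message or of any DKIM implementation: this Python code extracts the SDID (the d= tag) from a DKIM-Signature header and reports which of From, Sender and Return-Path fall under that domain, the situation shown in the header listing above. The headers, the domains signer.example and author.example, and the "same domain or subdomain" comparison are assumptions made for illustration; no signature is verified.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the original message): signer.example is the
# relay that signs, author.example is the domain of the From: address.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;\n"
    "\td=signer.example; s=sel1; h=from:to:subject;\n"
    "\tbh=PLACEHOLDER; b=PLACEHOLDER\n"
    "Return-Path: <user@signer.example>\n"
    "Sender: User <user@signer.example>\n"
    "From: Author <user@author.example>\n"
    "To: boss@beta.author.example\n"
    "\n"
    "body\n"
)

def parse_tag_list(value):
    """Parse a DKIM tag=value list (RFC 4871 section 3.2) into a dict."""
    tags = {}
    for item in value.split(";"):
        if "=" not in item:
            continue  # empty element, e.g. after a trailing ';'
        name, _, val = item.partition("=")
        # Folding whitespace inside a value is not significant; drop it.
        tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def domain_of(header_value):
    """Lower-cased domain of the first address in a header, or None."""
    addr = parseaddr(header_value or "")[1]
    if "@" not in addr:
        return None
    return addr.rpartition("@")[2].lower()

def sdid_report(raw):
    """For each signature: (SDID, {header: domain is SDID or a subdomain})."""
    msg = message_from_string(raw)
    report = []
    for sig in msg.get_all("DKIM-Signature", []):
        sdid = parse_tag_list(sig).get("d", "").lower()
        matches = {}
        for name in ("From", "Sender", "Return-Path"):
            dom = domain_of(msg.get(name))
            # Assumption for illustration: exact match or subdomain of d=.
            matches[name] = dom is not None and (
                dom == sdid or dom.endswith("." + sdid))
        report.append((sdid, matches))
    return report
```

For the constructed sample, the SDID matches Sender and Return-Path but not From, so the signing domain and the author's domain are distinct identities.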