On Apr 11, 2009, at 9:22 PM, Jim Fenton wrote:
> The Informative Note I'd like to include, of course, changes
> nothing. I just see the potential for people to read RFC 4871, and
> where it talks about possible uses for i=, and then read ADSP which
> is otherwise completely silent on i=, and not make the connection
> that ADSP is only looking at d= and therefore the parent domain
> signing "feature" in 4871 doesn't satisfy the Author Domain
> Signature requirements of ADSP.
>
> Yes, the ADSP specification is complete without this note (it's
> informative, after all). But the compelling argument that justifies
> it is that it clarifies things in a way that may improve
> interoperability. We should be trying to write specifications that
> promote interoperability, not just ones that are technically complete.

The ADSP compliance issue is limited to a relationship between the
From email-address domain and the signing domain. This relationship
is not defined in the base draft and is not related to the i= value.
A normative note might mention that parent domain signing for From
email-addresses will not satisfy ADSP, but it should not reference i=
values. Parent domain signing for a mailing list within a sub-domain
that includes messages with a From email-address of the signing domain
_will_ satisfy ADSP, for example. The issue is unrelated to the
i= value and is only related to parent domain signing of the From
email-address. Sub-domains within the i= value are only limited by the "s"
flag in the key record t= value, but this has nothing to do with ADSP
compliance beyond defining a valid DKIM signature.
-Doug
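
The distinction discussed in this exchange, as an added example that is not part of the original messages: the RFC 4871 rule for i= (same domain as d= or a subdomain of it, unless the key record's t= carries the "s" flag) is evaluated separately from the ADSP Author Domain Signature test, which compares only d= with the From domain. The function names and sample addresses are constructed for illustration, and the signature is assumed to have already verified cryptographically.

```python
from typing import Optional


def domain_of(value: str) -> str:
    """Right-hand side of an address or of an i= value, lowercased."""
    return value.rsplit("@", 1)[-1].strip().rstrip(".").lower()


def identity_allowed(d: str, i: Optional[str] = None, key_flags: str = "") -> bool:
    """RFC 4871 rule relating i= to d= and to the key record's t= flags."""
    d = d.strip().rstrip(".").lower()
    i_domain = domain_of(i) if i else d  # i= defaults to "@" + d
    flags = {f.strip() for f in key_flags.split(":") if f.strip()}
    if "s" in flags:
        # t=s: the i= domain must equal d=, subdomains are not allowed
        return i_domain == d
    return i_domain == d or i_domain.endswith("." + d)


def is_author_domain_signature(from_addr: str, d: str) -> bool:
    """ADSP test: d= must equal the From address domain; i= plays no part."""
    return domain_of(from_addr) == d.strip().rstrip(".").lower()


def evaluate(from_addr: str, d: str, i: Optional[str] = None, key_flags: str = "") -> dict:
    """Both results for a signature assumed to verify cryptographically."""
    dkim_ok = identity_allowed(d, i, key_flags)
    return {
        "dkim_identity_ok": dkim_ok,
        "adsp_author_signature": dkim_ok and is_author_domain_signature(from_addr, d),
    }


if __name__ == "__main__":
    # Constructed samples mirroring the cases in the thread.
    cases = [
        ("alice@sub.example.com", "example.com", None, ""),                # parent domain signs for a subdomain author
        ("alice@example.com", "example.com", "@lists.example.com", ""),    # i= in a subdomain, From in the signing domain
        ("alice@example.com", "example.com", "@lists.example.com", "y:s"), # same message, key record has t=y:s
    ]
    for case in cases:
        print(case, evaluate(*case))
```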