ietf-dkim

Re: [ietf-dkim] Issue: Deployment Guide Section 6.1/6.5 (ADSP/Forwader) conflict

2009-10-13 06:34:51
On Tue, 13 Oct 2009 02:24:56 +0100, hector <gmail(_dot_)sant9442(_at_)winserver(_dot_)com> wrote:

The deployment guide section 6.5 writes:

   Any forwarder that modifies messages in ways that will break
   preexisting DKIM signatures SHOULD always sign its forwarded
   messages.

But it should in addition say that it SHOULD also add an  
Authentication-Results header for the signature it is about to break AND  
include that A-R header within what it then signs. That will provide much  
more information to the ultimate recipient.

  Before any forwarder attempts to modify messages and add
  a new signature to the message, it SHOULD look at the
  ADSP record for the 5322.From domain.   If the domain has
  an ADSP record with "dkim=all" or "dkim=discardable", the
  forwarder SHOULD NOT forward the message.

No, I think that would lose too much genuinely wanted mail.

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131                       Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html