ietf-dkim

Re: [ietf-dkim] Issue: Deployment Guide Section 6.1/6.5 (ADSP/Forwarder) conflict

2009-10-14 06:17:13
On Tue, 13 Oct 2009 22:27:52 +0100, hector <gmail(_dot_)sant9442(_at_)winserver(_dot_)com> wrote:

Charles Lindsey wrote:

On Tue, 13 Oct 2009 02:24:56 +0100, hector <gmail(_dot_)sant9442(_at_)winserver(_dot_)com> wrote:

The deployment guide section 6.5 writes:

   Any forwarder that modifies messages in ways that will break
   preexisting DKIM signatures SHOULD always sign its forwarded
   messages.

But it should in addition say that it SHOULD also add an
Authentication-Results header for the signature it is about to break AND
include that A-R header within what it then signs. That will provide much
more information to the ultimate recipient.


But what if it's not there? DKIM=DISCARDABLE provides a Domain
Policy that mail must be signed and valid.

If a valid signature is absent, then indeed the listadmin should discard  
it (maybe even with 'ALL'). But the case of most interest is when the  
message arrives with a valid signature. In that case, the listadmin should  
do his best to forward it, but what does he do if the list policy is to  
munge? That is what we are discussing.

So he adds Authentication-Results and signs it. At least then the final  
recipient can see that and decide to ignore the failure of the original  
signature ("DISCARDABLE" or not), assuming he trusts the listadmin.

But if the final recipient sees that there was NO valid original signature  
(nor any Authentication-Results in that case), then he should of course  
Discard it (even if the original listadmin had not).

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131      Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
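
The final-recipient decision described in the message above, for an author domain whose policy is "discardable", as an added example that is not part of the original thread. The domains, the sample message, and the `decide` and `tags` helpers are constructed for illustration; cryptographic verification is assumed to be done by a separate DKIM verifier whose results are passed in as `verified`.

```python
import email, re

# Constructed sample: the list munged the message, so the author's signature
# no longer verifies. b=/bh= values are elided placeholders.
SAMPLE = """\
Authentication-Results: lists.example.org; dkim=pass header.d=author.example
DKIM-Signature: v=1; a=rsa-sha256; d=lists.example.org; s=sel;
 h=from:to:subject:authentication-results; bh=...; b=...
DKIM-Signature: v=1; a=rsa-sha256; d=author.example; s=sel;
 h=from:to:subject; bh=...; b=...
From: alice@author.example
Subject: [list] hello

body
"""

def tags(value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    pairs = (t.split("=", 1) for t in value.split(";") if "=" in t)
    return {k.strip(): re.sub(r"\s+", "", v) for k, v in pairs}

def decide(raw, author_domain, verified, trusted_forwarders):
    """verified: d= domains whose signatures an external DKIM verifier
    (assumed, not shown) found valid on the message as received."""
    if author_domain in verified:
        return "accept"                  # original signature survived
    msg = email.message_from_string(raw)
    all_ar = msg.get_all("Authentication-Results", [])
    vouch = re.compile(r"\bdkim=pass\b[^;]*\bheader\.d="
                       + re.escape(author_domain) + r"(?![\w.-])")
    for sig in msg.get_all("DKIM-Signature", []):
        t = tags(sig)
        d = t.get("d", "")
        if d not in trusted_forwarders or d not in verified:
            continue
        # DKIM signs repeated fields bottom-up, one per h= occurrence, so
        # only the last n A-R fields are covered by this signature.
        n = t.get("h", "").lower().split(":").count("authentication-results")
        for ar in (all_ar[-n:] if n else []):
            authserv, _, results = ar.partition(";")
            if authserv.strip() == d and vouch.search(results):
                return "accept"          # trusted forwarder vouches
    return "discard"
```

An Authentication-Results field prepended after the forwarder signed falls outside the `h=` coverage and is ignored, so it cannot stand in for the forwarder's own verdict.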