ietf-dkim

Re: [ietf-dkim] Issue: Deployment Guide Section 6.1/6.5 (ADSP/Forwader) conflict

2009-10-14 08:35:36
Charles Lindsey wrote:

>> But what [if] it's not there? DKIM=DISCARDABLE provides a Domain
>> Policy that mail must be signed and valid.
>
> If a valid signature is absent, then indeed the listadmin should discard
> it (maybe even with 'ALL'). But the case of most interest is when the
> message arrives with a valid signature. In that case, the listadmin should
> do his best to forward it, but what does he do if the list policy is to
> munge? That is what we are discussing.
>
> So he adds Authentication-Results and signs it. At least then the final
> recipient can see that and decide to ignore the failure of the original
> signature ("DISCARDABLE" or not), assuming he trusts the listadmin.


It was decided in all the documents that have the semantics, and it's
there if you check it, that the ANCHOR for policy is the 5322.From
domain.

IOW, we can't use a random AR header that can be forged for this. The
From: is a traditional header that MUST be there and it represents the
traditional constitution for the Authorship and Original Domain.

> But if the final recipient sees that there was NO valid original signature
> (nor any Authentication-Results in that case), then he should of course
> Discard it (even if the original listadmin had not).

The issue at hand, as I posted, is whether an intermediary
(signer/resigner), which technically is also a receiver as well,
SHOULD|MUST also follow the same rules all receivers are expected to follow.

It appears that we want to create semantics for a FINAL RECEIVER,
probably behaving as an MDA, that are not applicable for MTA; relays,
hops, forwarders, mailing lists, middle-ware appliances, etc.

That's the issue, Charles. We need to get that resolved before we can
come up with any procedure reading headers, ARs or what have you, to
classify a message.

Do all Receivers, including intermediaries, SHOULD|MUST follow the
same rules, specifically in regard to RFC 5617 and ADSP domains?

--
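
Added example, not part of the original message and not any implementation's code: a sketch of the ADSP check the thread is arguing about, anchored on the 5322.From domain and on signatures the evaluating host verified itself, so it gives the same answer whether an intermediary or a final receiver runs it. The function names, the outcome labels and the sample message are constructed for illustration, and only single-author mail is handled.

```python
from email import message_from_string
from email.utils import getaddresses

def parse_adsp(txt):
    """Return the dkim= tag of an ADSP TXT record; unrecognized values count as 'unknown'."""
    for tag in txt.split(";"):
        name, _, value = tag.partition("=")
        if name.strip().lower() == "dkim":
            value = value.strip().lower()
            return value if value in ("unknown", "all", "discardable") else "unknown"
    return "unknown"

def author_domain(msg):
    """Domain of the single 5322.From address, or None (multi-author mail is out of scope)."""
    addrs = getaddresses(msg.get_all("From", []))
    if len(addrs) != 1 or "@" not in addrs[0][1]:
        return None
    return addrs[0][1].rpartition("@")[2].lower()

def adsp_outcome(raw_message, verified_d, adsp_txt):
    """verified_d: d= domains of signatures this host verified itself.
    adsp_txt: TXT record at _adsp._domainkey.<author domain>, or None if absent.
    Authentication-Results headers carried inside the message are never consulted."""
    domain = author_domain(message_from_string(raw_message))
    if domain is None:
        return "no-author-domain"
    if domain in {d.lower() for d in verified_d}:
        return "pass"  # a valid signature whose d= is the author domain
    if adsp_txt is None:
        return "none"
    policy = parse_adsp(adsp_txt)
    return {"discardable": "discard", "all": "fail", "unknown": "unknown"}[policy]

# Constructed sample: a list-munged message whose original signature no longer
# verifies, carrying an Authentication-Results header the receiver cannot trust.
SAMPLE = (
    "Authentication-Results: lists.example.org; dkim=pass header.d=example.com\n"
    "From: Alice <alice@example.com>\n"
    "Subject: [list] hello\n"
    "\n"
    "body\n"
)
```

With the sample above, a list's own re-signature (d=lists.example.org) does not change the outcome for a dkim=discardable author domain; only a verified signature from example.com does.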
