Charles Lindsey wrote:
But what [if] its not there? DKIM=DISCARDABLE provides a Domain
Policy that mail must be signed and valid.
If a valid signature is absent, then indeed the listadmin should discard
it (maybe even with 'ALL'). But the case of most interest is when the
message arrives with a valid signature. In that case, the listadmin should
do his best to forward it, but what does he do if the list policy is to
munge? That is what we are discussing.
So he adds Authentication-Results and signs it. At least then the final
recipient can see that and decide to ignore the failure of the original
signature ("DISCARDABLE" or not), assuming he trusts the listadmin.
It was decided in all the documents that have the semantics, and its
there if you check it, that the ANCHOR for policy is the 5322.From
domain.
IOW, we can't use a random AR header that can be forged for this. The
From: is a traditional header that MUST be there and it represents the
traditional constitution for the Authorship and Original Domain.
But if the final recipient sees that there was NO valid original signature
(nor any Authentication-Results in that case), then he should of course
Discard it (even if the original listadmin had not).
The issue at hand as a I posted, is whether a intermediary
(signer/resigner) which technically is also a receiver as well,
SHOULD|MUST also follows the same rules all receivers is expected to do.
It appears that we want to create semantics for a FINAL RECEIVER,
probably behaving as a MDA that are not applicable for MTA; relays,
hops, forwarders, mailing list, middle-ware appliances, etc.
Thats the issue Charles. We need to get that resolved before we can
come up with any procedure reading headers, ARs or what have you, to
classify a message.
Do all Receivers, including intermediary, SHOULD|MUST follow by the
same rules, specifically in regard to RFC 5617 and ADSP domains?
--
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html