On Wed, 14 Oct 2009 13:31:48 +0100, hector
<gmail(_dot_)sant9442(_at_)winserver(_dot_)com>
wrote:
Charles Lindsey wrote:
But what [if] its not there? DKIM=DISCARDABLE provides a Domain
Policy that mail must be signed and valid.
If a valid signature is absent, then indeed the listadmin should discard
it (maybe even with 'ALL'). But the case of most interest is when the
message arrives with a valid signature. In that case, the listadmin
should
do his best to forward it, but what does he do if the list policy is to
munge? That is what we are discussing.
So he adds Authentication-Results and signs it. At least then the final
recipient can see that and decide to ignore the failure of the original
signature ("DISCARDABLE" or not), assuming he trusts the listadmin.
It was decided in all the documents that have the semantics, and its
there if you check it, that the ANCHOR for policy is the 5322.From
domain.
IOW, we can't use a random AR header that can be forged for this. The
From: is a traditional header that MUST be there and it represents the
traditional constitution for the Authorship and Original Domain.
The reliability, or forgeabbility of what I am proposing is a matter we
can indeed discuss. But I would claim it is at least better than doing
nothing about this issue.
But if the final recipient sees that there was NO valid original
signature
(nor any Authentication-Results in that case), then he should of course
Discard it (even if the original listadmin had not).
The issue at hand as a I posted, is whether a intermediary
(signer/resigner) which technically is also a receiver as well,
SHOULD|MUST also follows the same rules all receivers is expected to do.
There is no SHOULD|MUST about what recipients do. At most, it is a matter
of Best Common Practice, which this WG might well choose to incorporate in
a BCP RFC. But what would such a BCP document say?
It might say that all invalid DISCARDABLE email "SHOULD" be discarded.
It might say that all invalid DISCARDABLE email "SHOULD" be marked as such
and sent on.
It might say that invalid DISCARDABLE email "SHOULD" be treated in some
different way if accompanied by a signed A-R record as I have suggested.
It might say that Listadmins "SHOULD" treat mail addressed to their list
just like any other recipient "SHOULD" treat it.
It might say that Listadmins "SHOULD", as a special case, take actions
different from other recipients (whether by adding A-R records, or
something else).
It might (or might not) make special recommendations for other forwarders,
such as acm.org.
None of these possibilities is, a priori, preordained. None of them is
contrary to anything currently on the Standards Track.
All of them are a proper subject of discussion, should this WG decide to
embark on such a BCP (and the misunderstandings repeatedly displayed here
seem to suggest that something of the sort is needed).
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html