MH Michael Hammer (5304) wrote:
-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org [mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Murray S. Kucherawy
Sent: Wednesday, October 20, 2010 1:55 PM
To: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] double header reality check
<SNIP>
There has been talk of applying DKIM to technologies like
Usenet and HTTP output. Packing DKIM with mail-specific
verification requirements could prevent such things from happening.
Shall we also add a "but only when used in the email context" clause?
Seeing as the M in DKIM stands for Mail, we don't have to put a "but
only when used in the email context" clause. If a DKIM like approach is
used for other protocols then we might reasonably text specific to those
protocols - DKIH (Domain Keys Identified HTML as an example).
I guess because we are already integrated with different mail formats,
I don't see the difference other than having implementation specific
setup features.
For example a signing setup with a target rule
Signer Domain::Target Domain
where the association will enforce certain headers to be signed.
In the case of usenet (or nntp specifically), the considerations might be:
- enforce Path: header
- enforce (maybe) Newsgroups: header
- relaxed signing To: header (since it's To: ALL for news)
But if you want to see how email is gated into public newsgroup areas,
check out
news://news.winserver.com
(use an anonymous account to login).
You will see how newsgroups are used for various lists. One for the
IETF-DRAFT submissions and other list areas shown as local public
newsgroups.
One of interest where DKIM is used is the SPF-DISCUSS list/newsgroup
where you can see the 10/17/2010 article titled:
[spf-discuss] SPF Mail Summary Report
and if you view the message source and headers, you will see the
Authorization-Results: header:
    Authentication-Results: dkim.winserver.com;
      dkim=pass header.i=listbox.com header.d=listbox.com header.s=launch;
      adsp=fail policy=all author.d=winserver.com asl.d=listbox.com
      (unauthorized signer);
      dkim=fail (DKIM_BODY_HASH_MISMATCH) header.i=winserver.com
      header.d=winserver.com header.s=tms1;
      adsp=pass policy=all author.d=winserver.com signer.d=winserver.com
      (originating signer);
When our system generated the weekly Summary Report, it was DKIM
signed and exported to the spf-discuss mailing list. The list server
then broke and re-signed it and when the copy came back to us, it was
DKIM verified and put into the newsgroup area.
--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
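
The Authentication-Results header quoted in the message above, parsed into its four results, as an added example that is not part of the original post or of any product it mentions. The function names are hypothetical, the property names are taken as-is from that header, and the parser assumes no ";" appears inside a comment.

```python
import re

# Header value copied from the message above, folded lines joined.
SAMPLE = (
    "dkim.winserver.com; "
    "dkim=pass header.i=listbox.com header.d=listbox.com header.s=launch; "
    "adsp=fail policy=all author.d=winserver.com asl.d=listbox.com "
    "(unauthorized signer); "
    "dkim=fail (DKIM_BODY_HASH_MISMATCH) header.i=winserver.com "
    "header.d=winserver.com header.s=tms1; "
    "adsp=pass policy=all author.d=winserver.com signer.d=winserver.com "
    "(originating signer);"
)

COMMENT = re.compile(r"\(([^()]*)\)")      # parenthesised comment
PAIR = re.compile(r"([A-Za-z0-9._-]+)=(\S+)")  # method=result or prop=value

def parse_authres(value):
    """Return (authserv_id, [result dicts]) for an Authentication-Results value."""
    authserv_id, _, rest = value.partition(";")
    results = []
    for chunk in rest.split(";"):
        chunk = chunk.strip()
        if not chunk:
            continue
        comments = COMMENT.findall(chunk)
        # Drop comments before reading pairs so they are not parsed as values.
        pairs = PAIR.findall(COMMENT.sub(" ", chunk))
        if not pairs:
            continue
        (method, result), props = pairs[0], dict(pairs[1:])
        results.append({"method": method, "result": result,
                        "comment": comments[0] if comments else None, **props})
    return authserv_id.strip(), results

def author_domain_survived(results):
    """True only if a passing DKIM signature belongs to the author domain."""
    authors = {r["author.d"] for r in results
               if r["method"] == "adsp" and "author.d" in r}
    return any(r["method"] == "dkim" and r["result"] == "pass"
               and r.get("header.d") in authors for r in results)
```

On the sample, the only passing signature is the list's (listbox.com), while the author domain's own signature fails on the body hash, so the check returns False.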