ietf-dkim

Re: [ietf-dkim] double header reality check

2010-10-20 15:17:34
MH Michael Hammer (5304) wrote:

-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org [mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Murray S. Kucherawy
Sent: Wednesday, October 20, 2010 1:55 PM
To: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] double header reality check


<SNIP>

There has been talk of applying DKIM to technologies like 
Usenet and HTTP output.  Packing DKIM with mail-specific 
verification requirements could prevent such things from happening.  
Shall we also add a "but only when used in the email context" clause?

Seeing as the M in DKIM stands for Mail, we don't have to put a "but
only when used in the email context" clause. If a DKIM like approach is
used for other protocols then we might reasonably text specific to those
protocols - DKIH (Domain Keys Identified HTML as an example). 

I guess because we are already integrated with different mail formats, 
I don't see the difference other than having implementation specific 
setup features.

For example a signing setup with a target rule

         Signer Domain::Target Domain

where the association will enforce certain headers to be signed.

In the case of usenet (or nntp specifically), the considerations might be:

    - enforce Path: header
    - enforce (maybe) Newsgroups: header
    - relaxed signing To: header (since it's To: ALL for news)

But if you want to see how email is gated into public newsgroup areas, 
check out

     news://news.winserver.com

(use an anonymous account to login).

You will see how newsgroups are used for various lists. One for the 
IETF-DRAFT submissions and other list areas shown as local public 
newsgroups.

One of interest where DKIM is used is the SPF-DISCUSS list/newsgroup 
where you can see the 10/17/2010 article titled:

       [spf-discuss] SPF Mail Summary Report

and if you view the message source and headers, you will see the 
Authorization-Results: header:

Authentication-Results: dkim.winserver.com;
   dkim=pass header.i=listbox.com header.d=listbox.com header.s=launch;
   adsp=fail policy=all author.d=winserver.com asl.d=listbox.com (unauthorized signer);
   dkim=fail (DKIM_BODY_HASH_MISMATCH) header.i=winserver.com header.d=winserver.com header.s=tms1;
   adsp=pass policy=all author.d=winserver.com signer.d=winserver.com (originating signer);

When our system generated the weekly Summary Report, it was DKIM 
signed and exported to the spf-discuss mailing list. The list server 
then broke and re-signed it, and when the copy came back to us, it was 
DKIM verified and put into the newsgroup area.


-- 
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
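
As an added example (not part of the original post and not code from any list participant), this Python sketch parses the Authentication-Results value quoted in the message above and pairs each dkim result with the adsp result reported after it. The function names and the split-on-semicolon simplification are assumptions; the header text is copied from the message with its wrapped lines joined.

```python
import re

# Authentication-Results value from the message above, wrapped lines joined.
HEADER = (
    "dkim.winserver.com; "
    "dkim=pass header.i=listbox.com header.d=listbox.com header.s=launch; "
    "adsp=fail policy=all author.d=winserver.com asl.d=listbox.com "
    "(unauthorized signer); "
    "dkim=fail (DKIM_BODY_HASH_MISMATCH) header.i=winserver.com "
    "header.d=winserver.com header.s=tms1; "
    "adsp=pass policy=all author.d=winserver.com signer.d=winserver.com "
    "(originating signer);"
)

# Either a parenthesised comment or a key=value token.
TOKEN = re.compile(r"\(([^)]*)\)|([\w.-]+)=([^\s;()]+)")

def parse_authres(value):
    """Return (authserv_id, results); first key=value of a clause is method=result."""
    # Assumption: no ';' inside comments, which holds for the header above.
    authserv_id, *clauses = [c.strip() for c in value.split(";")]
    results = []
    for clause in filter(None, clauses):
        entry = {"method": None, "result": None, "props": {}, "comments": []}
        for comment, key, val in TOKEN.findall(clause):
            if not key:
                entry["comments"].append(comment)
            elif entry["method"] is None:
                entry["method"], entry["result"] = key, val
            else:
                entry["props"][key] = val
        results.append(entry)
    return authserv_id, results

def pair_signatures(results):
    """Attach each adsp result to the dkim result reported just before it."""
    pairs, last = [], None
    for r in results:
        if r["method"] == "dkim":
            last = r
        elif r["method"] == "adsp" and last is not None:
            signer = last["props"].get("header.d")
            pairs.append({"signer": signer, "dkim": last["result"],
                          "reason": "; ".join(last["comments"]),
                          "first_party": signer == r["props"].get("author.d"),
                          "adsp": r["result"]})
            last = None
    return pairs

def author_signature_valid(pairs):
    """True only if a signature from the author's own domain verified."""
    return any(p["first_party"] and p["dkim"] == "pass" for p in pairs)
```

For this header the only passing signature is the list's (listbox.com), while the winserver.com author signature fails with a body hash mismatch, so author_signature_valid returns False.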