On 6/17/2013 2:36 PM, Laura Atkins wrote:
I am in the process of reviewing the technical setup of a client
installation. This client is using the VERP string (Return Path /
Envelope From) in the i= of their DKIM signature.
The signature looks like this:
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=ci;
d=inbox.example.com;
i=verpprefix-laura=2dinterdirect=40wordtothewise(_dot_)com-2979-83348823-24644-bounce(_at_)inbox(_dot_)example(_dot_)com;
h=content-type:mime-version:subject:list-unsubscribe:reply-to:to:from:date:message-id;
bh=HbLebYQFYQmYej07DLVID9lCjc8=;
Based on my understanding of DKIM, this isn't necessarily violating
the DKIM spec, but it does seem to be not the right thing to use for
the i= value
My understanding of i= semantics is that it has no formal meaning except
to its creator.[1] As long as the syntactic form is followed, it is
acceptable for it to contain anything.[2]
At which point I'd expect the constraints to be privacy and utility,
according to whatever criteria the creator wishes to invoke.
I'm thinking my client should stop doing this, just because it really
seems wrong but I have no justification for recommending that other
than "that can't be right."
I haven't been able to find anything that discusses the intention
behind the i=. I expect they chose this i= because that's the
envelope from, but the i= is suppose to be a person, not a mechanical
address, correct?
Different people had different intentions for i=, over the course of i=
development. Basically, the original spec promoted some confusion on
its role and the role of d=. We followed up with an effort to
explicitly resolve this. The above statement summarizes my
understanding of the result, for i=.
d/
[1] That is, pretty much the i= value is only useful for returning to
the creator. One can imagine utility when a receiver is interacting
with the originator in problem handling, for example.
[2] And, of course, there's the constraint: "The domain part of the
address MUST be the same as, or a subdomain of, the value of the "d="
tag." But I'd consider that a minor point, for the kind of question
being asked here.
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html