On Wed, 27 Oct 2004 domainkeys-feedbackbase01(_at_)yahoo(_dot_)com wrote:
--- Jose Marcio Martins da Cruz
<Jose-Marcio(_dot_)Martins(_at_)ensmp(_dot_)fr> wrote:
Andrew Newton wrote:
http://www.circleid.com/article/791_0_1_0_C/
Actually I don't get the point of the article. Nothing stops Notes from
verifying the inbound email. What Notes does __after__ the
verification, once the email has left the Internet is entirely its
business. It could re-write it in Sanskrit and store it as a
finger-painting for all any authentication system cares.
You're assuming Notes function as being entirely that of gateway. While
in mos cases it is, Lotus notes can also serve as full blown MTA and
both deliver email directly and forward and rely it further (to other
SMTP MTA, not necessarily another Lotus Notes system) as appopriate
per its settings.
- domainKeys headers shall be include some indication on what
was signed and with what order.
Not only do header positions gets get changed but they can also be directly
changed (or removed) by other MTAs in email path. That of course only
applies to non-trace (other then Received) headers as trace headers per
existing RFCs are not supposed to be changed or repositioned by
consequitive MTA systems in email message path.
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net