ietf-mxcomp

Using DK/IIM [was: Re: So here it is one year later...]

2005-02-01 12:26:08

Jim, these are legit questions:

1) Who is the signer?  MUA or MSA?

2) How should an MDA handle the following:

2a) A domain with DK/IIM published information but a non-DK/IIM payload?
2b) A non-DK/IIM domain?
2c) Broken DK/IIM message?

3) What is the role of the intermediary router MTA?

4) What is the relationship of the transport parameters; IP, HELO, MAILFROM
and RCPTO with a DK/IIM ready payload?  What upfront logic can be used?

5) Since an MDA needs to view the PAYLOAD to validate the DK/IIM, what is
the policy for POST-SMTP failed DK/IIM results?

6) Finally, how should gateway transformation systems handle DK/IIM payloads
which may get stripped?  For example, a console-based mail system only needs
two parts:

The main headers:

     From:
     To:
     Subject:
     Date:

and the body:

     text body

6a) How does this change the mail reader, online and offline?  For example,
should the presentation software display some "Red Warning Icon" suggesting
"Possible Invalid Message?"

Thanks

Sincerely,

Hector Santos, CTO
Santronics Software, Inc.
http://www.santronics.com
305-431-2846 Cell
305-248-3204 Office



----- Original Message -----
From: "Jim Fenton" <fenton(_at_)cisco(_dot_)com>
To: "Hector Santos" <hsantos(_at_)santronics(_dot_)com>
Cc: "IETF MARID WG" <ietf-mxcomp(_at_)imc(_dot_)org>
Sent: Tuesday, February 01, 2005 12:57 PM
Subject: Re: So here it is one year later...



I think I'll stick with the "in layman terms" part of the message
because that's most clearly stated:

Hector Santos wrote:

In layman terms:

What if my SMTP mail server detects a non-DK/IIM ready message?


IMO, it will be a very long time (if ever) before a "typical" mail
server will be able to take some action such as rejecting a message
based on a missing signature, except possibly when the originating
domain advertises that it signs all of its mail.

You need to answer that question otherwise what is the use of using DK/IIM
if a system still needs to work and be ready for non-DK/IIM messages?


It's another message classification criterion, and when present enables
reputation and accreditation based on who the signer is.

Now of course, it might work well in an exclusive CISCO corporate/enterprise
settings, a big pat on the back, an exciting marketing and promotion largely
based on "hope"  I can imagine for your big customer base.  But this is not
a standard across the board.


I hope it's obvious that's not Cisco's intent.  But it should be
possible with standards-based message authentication for anyone to more
accurately whitelist their suppliers, customers, and partners, to make
sure that their messages never get lost.

-Jim