On 10/25/2013 5:49 PM, Ned Freed wrote:
Given that you can only trust the last Received header, I'm not clear what
is accomplished.
False. You can trust the Received: chain back to the point where it reaches an
IP you don't trust to insert Received: fields reliably. Depending on the
circumstances that number can be anywhere from 0 to as many Received: fields as
there are in the message.
By the way, there might be an opportunity to improve accountability
implied by this discussion exchange:
signing the audit trail.
DKIM doesn't validate any content other than its own d= value, of course.
However one might define a value-added snap-on tool that declared
content signed with the domain name asserting the snap-on tool to be valid.
So if it signed a Received sequence, including the snap-on tool/field,
it would be declaring that Received sequence valid. (Small issue of
having the signature indicate exactly which Receiveds it is reference,
since it needs to excludes the one it cannot assert trust over.)
This won't mean that the signed Receiveds automatically known to be
valid, but it means you know who to contact about them, to the extent
you can contact the owner of the validity-asserting signer is...
That is, I'm trying to take the implicit trust that is built into the
model Ned just referenced and find a way to extend it with some extra
mechanism.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp