ietf-smtp

Re: [ietf-smtp] Error in RFC 5321 concerning SPF and DKIM

2014-07-21 09:15:19


-----Original Message-----
From: ietf-smtp [mailto:ietf-smtp-bounces(_at_)ietf(_dot_)org] On Behalf Of Dave Crocker
Sent: Monday, July 21, 2014 6:43 AM
To: Paul Smith
Cc: ietf-smtp(_at_)ietf(_dot_)org
Subject: Re: [ietf-smtp] Error in RFC 5321 concerning SPF and DKIM

On 7/21/2014 6:33 AM, Paul Smith wrote:

On 21/07/2014 11:09, Dave Crocker wrote:
On 7/21/2014 4:02 AM, Paul Smith wrote:
I think there should be something there about SPF and DKIM. There is
a problem with SMTP to do with trustability,

Fair point.

However "3.6.2. Mail eXchange Records and Relaying" seems an odd
place for background material on authentication and trust.

On reflection, I'm wondering whether that entire paragraph belongs
elsewhere, and with a different reference to spf and dkim?

Absolutely. As I said - in a rewrite, I'd put it somewhere totally
different (possibly an appendix along with other 'issues' with SMTP),
but this is an errata, so the options may be more limited (I don't
know - I'm not an expert on the RFC editing system)


Mumble. Well, when I wrote the Errata, I couldn't think of anything that
made sense to me in that context.

Perhaps some sort of very generic language?

From:

This specification does not deal with the verification of return paths
for use in delivery notifications.  Recent work, such as that on SPF
[29] and DKIM [30] [31], has been done to provide ways to ascertain
that an address is valid or belongs to the person who actually sent
the message.  A server MAY attempt to verify the return path before
using its address for delivery notifications, but methods of doing so
are not defined here nor is any particular method recommended at this
time.

To:

    This specification does not deal with the verification of return
    paths for use in delivery notifications. A server MAY attempt to
    verify the return path before using its address for delivery
    notifications, but methods of doing so are not defined here nor is
    any particular method recommended at this time.

    Various mechanisms exist for verifying identities of different
    actors involved with the handling of a message, including TLS[], SPF
    [29] and DKIM [30] [31], OpenPGP, S/MIME.


and no, I'm not in love with the wording...

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net


I'm not in love with the wording but this is the best proposal I've seen so 
far. The original text regarding ReturnPath and SPF/DKIM is incorrect and would 
be misleading to someone not familiar with SPF/DKIM - and confusing to someone 
who does have familiarity.

Mike
