ietf-smtp
[Top] [All Lists]

Re: [ietf-smtp] Error in RFC 5321 concerning SPF and DKIM

2014-07-21 09:28:50
On July 21, 2014 6:43:29 AM EDT, Dave Crocker <dhc(_at_)dcrocker(_dot_)net> 
wrote:
On 7/21/2014 6:33 AM, Paul Smith wrote:

On 21/07/2014 11:09, Dave Crocker wrote:
On 7/21/2014 4:02 AM, Paul Smith wrote:
I think there should be something there about SPF and DKIM. There
is a problem with SMTP to do with trustability,

Fair point.

However "3.6.2. Mail eXchange Records and Relaying" seems an odd
place for background material on authentication and trust.

On reflection, I'm wondering whether that entire paragraph belongs 
elsewhere, and with a different reference to spf and dkim?

Absolutely. As I said - in a rewrite, I'd put it somewhere totally 
different (possibly an appendix along with other 'issues' with
SMTP), but this is an errata, so the options may be more limited (I
don't know - I'm not an expert on the RFC editing system)


Mumble. Well, when I wrote the Errata, I couldn't think of anything
that
made sense to me in that context.

Perhaps some sort of very generic language?

From:

This specification does not deal with the verification of return 
paths for use in delivery notifications.  Recent work, such as that 
on SPF [29] and DKIM [30] [31], has been done to provide ways to 
ascertain that an address is valid or belongs to the person who 
actually sent the message.  A server MAY attempt to verify the
return path before using its address for delivery notifications, but
methods of doing so are not defined here nor is any particular
method recommended at this time.

To:

   This specification does not deal with the verification of return
   paths for use in delivery notifications. A server MAY attempt to
   verify the return path before using its address for delivery
   notifications, but methods of doing so are not defined here nor is
   any particular method recommended at this time.

   Various mechanisms exist for verifying identities of different
   actors involved with the handling a message, including TLS[], SPF
   [29] and DKIM [30] [31], OpenPGP, S/MIME.


and no, I'm not in love with the wording...

Since this is 5321 and not 5322, shouldn't the discussion confine itself to the 
envelope and message transport? It seems to me that DKIM, OpenPGP, and S/MIME 
are off topic. 

Scott K

_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp