mail-vet-discuss

Re: [mail-vet-discuss] Draft as of 9/4/2007

2007-09-10 11:50:57
Authentication-Results: example.com
           dkim=pass (good signature) header.i=@list-expander.example.com
Received: .........
Received: .........
Received: .........
Dkim-Signature: ...... d=example.com; i=list-expander.example.com;
           h=...:Authentication-Results:...; ...
Authentication-Results: example.com
           dkim=pass (good signature) header.i=@sending.domain
Received: by list-expander.example.com ...........
Received: .........
Received: .........
Received: .........
Dkim-Signature: ........... d=sending.domain ..........

Just to be awkward, I have made the two Authentications to be within the same
trust boundary, but it need not be so. The various Received:s could have
been added anywhere.

So clearly an MUA should look at the top Authentication-Results: first,
and then at the lower ones, believing them or not as he sees fit. But in
this case, it is clear that the lower Authentication-Results: is as valid
as the first, and example.com should clearly leave it in place (contrary
to what you have written in 4.1). Example.com may also have tried (and
failed, because the list-expander had broken it) to verify the lower
signature, and might even have recorded that as a dkim=fail.

<snip>
Could also be used to find that an authenticator is broken or misbehaving.

Regards,
Damon
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html 
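
The trust chaining argued in the message above, as an added example that is not part of the original post or of the draft under discussion: a reader inside `example.com` trusts the top Authentication-Results field, then extends that trust to a lower one only when a DKIM signature from inside the boundary covers it and the top field reports that signature as passing. Assumptions: the boundary is identified by the single name `example.com` for both authserv-id and `d=`, the reported `dkim=pass` is taken at face value rather than re-verified, and `classify`, `unfold` and the sample header values are hypothetical.

```python
import re

# Constructed sample modelled on the message's header stack (h= names made up).
SAMPLE = """\
Authentication-Results: example.com
 dkim=pass (good signature) header.i=@list-expander.example.com
Received: by mx.example.com
DKIM-Signature: d=example.com; i=@list-expander.example.com;
 h=From:Subject:Authentication-Results; b=placeholder
Authentication-Results: example.com
 dkim=pass (good signature) header.i=@sending.domain
Received: by list-expander.example.com
DKIM-Signature: d=sending.domain; h=From:Subject; b=placeholder
"""

def unfold(raw):
    """Return [name, value] pairs top to bottom, joining folded lines."""
    fields = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and fields:
            fields[-1][1] += " " + line.strip()
        elif ":" in line:
            name, value = line.split(":", 1)
            fields.append([name.strip().lower(), value.strip()])
    return fields

def classify(raw, trusted_id):
    """Label each Authentication-Results field, top to bottom."""
    fields = unfold(raw)
    ar = [i for i, f in enumerate(fields) if f[0] == "authentication-results"]
    verdict = {i: "unverified" for i in ar}
    # Assumption: only the top-most field can be taken on trust, and only if
    # it carries the reader's own authserv-id.
    if not ar or re.split(r"[;\s]", fields[ar[0]][1], maxsplit=1)[0] != trusted_id:
        return [verdict[i] for i in ar]
    verdict[ar[0]] = "trusted (top)"
    passed = set(re.findall(r"dkim=pass\b[^;]*?header\.i=(\S+)", fields[ar[0]][1]))
    for s, (name, value) in enumerate(fields):
        if name != "dkim-signature":
            continue
        tag = dict(p.strip().split("=", 1) for p in value.split(";") if "=" in p)
        if tag.get("d") != trusted_id or tag.get("i", "@" + trusted_id) not in passed:
            continue
        # DKIM selects signed instances bottom-up, so n mentions in h= cover
        # the n lowest Authentication-Results fields below the signature.
        h = [x.strip().lower() for x in tag.get("h", "").split(":")]
        for i in [i for i in ar if i > s][::-1][:h.count("authentication-results")]:
            verdict[i] = "trusted (signed inside boundary)"
    return [verdict[i] for i in ar]
```

If the list expander's signature did not list Authentication-Results in `h=`, or the reader sat outside `example.com`, the lower field would stay `unverified`.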
