On 3/12/08, Murray S. Kucherawy <msk(_at_)sendmail(_dot_)com> wrote:
Dotzero wrote:
After reviewing section 2.4.3 I think it should be split out
separately for SPF and Sender-ID. A pass for SPF does not mean the
same thing as a pass for SIDF. Conflating the two is a recipe for
problems. Mail From pass from SPF is totally different from PRA pass
from SIDF.
Well, actually now I'm not sure why you think that.  The spec doesn't say
a pass from one is the same as a pass from the other; you could
certainly have "spf=pass" and "sender-id=hardfail" in an A-R header or
pair of headers.  The spec only says under what circumstances you would
use "pass" in each case.  Both mechanisms ask the same question: was the
client authorized to send by the domain's policy (however that got
evaluated)?  And it seems to me both mechanisms are sufficiently similar
that they have overlapping answer sets.  That's why I grouped them when
enumerating possible results.
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
Notwithstanding Scott's comment, I was thinking of the case of SIDF
where there is an arbitrary Sender field.
In this case, the policy checked is that of the domain from the
RFC2822 Sender field and not the domain of the RFC 2821 Mail From
field.
The meaning of a pass (and the check itself) is totally different in
this case compared to a pass for an SPF check of RFC2821 Mail From at
the transport layer.
So we start with this:
" pass:  The client is authorized to inject or relay mail on behalf of
the sender's domain."
But what we really should be saying is:
In the case of SPF (RFC4408), it should read something like this:
 " pass:  The client is authorized to inject or relay mail on behalf
of the RFC2821 Mail From domain."
In the case of SIDF (RFC 4406), it should read something like this:
 " pass:  The PRA is authenticated as either RFC2822 From or Sender
domain or if no SPF2 record is present an evaluation of the RFC2821
Mail From domain SPF1 record."
I know I'm not expressing the latter case exactly correctly, but I hope
I'm getting my point across. They are not evaluated the same and a
pass is not the same thing.
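The distinction Dotzero is drawing (SPF evaluates the RFC 2821 MAIL FROM domain, Sender-ID evaluates the PRA taken from the RFC 2822 headers, so the same message from the same client can get a different verdict from each) can be made concrete with a small script. This is an added illustration, not code from the list or from any draft; the policy table is a constructed stand-in for DNS TXT lookups, the record-scope fallback follows the behaviour Dotzero describes (spf2.0/pra first, else the v=spf1 record), and the PRA selection order (Resent-Sender, Resent-From, Sender, From) is a simplified version of RFC 4407 that assumes a single address per header.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed toy policy table standing in for DNS: domain -> {record scope: authorized client IPs}.
# The two scopes are the record prefixes each mechanism queries.
POLICY = {
    "bank.example": {"v=spf1": {"192.0.2.10"}},                 # publishes an SPF record only
    "newsletter.example": {"v=spf1": {"198.51.100.5"},
                           "spf2.0/pra": {"198.51.100.5"}},    # publishes both
}

# RFC 4407 PRA selection order (simplified: first present header wins, single address assumed).
PRA_HEADERS = ("Resent-Sender", "Resent-From", "Sender", "From")

# Constructed sample message: the From domain and the arbitrary Sender domain differ.
SAMPLE_MESSAGE = (
    "From: Alice <alice@bank.example>\n"
    "Sender: Announcements <list@newsletter.example>\n"
    "Subject: statement ready\n"
    "\n"
    "body\n"
)


def mail_from_domain(envelope_from, helo):
    """SPF (RFC 4408) identity: the RFC 2821 MAIL FROM domain, or HELO for a null reverse-path."""
    if not envelope_from:
        return helo.lower()
    return envelope_from.rsplit("@", 1)[-1].lower()


def pra(msg):
    """Sender-ID (RFC 4406) identity: (header name, domain) of the Purported Responsible Address."""
    for name in PRA_HEADERS:
        addr = parseaddr(msg.get(name, ""))[1]
        if addr:
            return name.lower(), addr.rsplit("@", 1)[-1].lower()
    return None, None


def evaluate(domain, client_ip, scopes):
    """Toy authorization check against the first scope the domain publishes a record for.
    'none' means no record in any requested scope, mirroring the A-R result of that name."""
    records = POLICY.get(domain, {})
    for scope in scopes:
        if scope in records:
            return "pass" if client_ip in records[scope] else "fail"
    return "none"


def authentication_results(authserv_id, raw_message, envelope_from, helo, client_ip):
    """Build an Authentication-Results value with spf= and sender-id= as separate methods,
    each annotated with the identity it actually evaluated (smtp.mailfrom vs. header.<field>)."""
    msg = message_from_string(raw_message)
    spf_dom = mail_from_domain(envelope_from, helo)
    spf_result = evaluate(spf_dom, client_ip, ("v=spf1",))
    pra_field, pra_dom = pra(msg)
    if pra_dom is None:
        sid_result, sid_prop = "none", "header.from=<none>"
    else:
        # Sender-ID consults spf2.0/pra and falls back to v=spf1 when no spf2 record exists.
        sid_result = evaluate(pra_dom, client_ip, ("spf2.0/pra", "v=spf1"))
        sid_prop = f"header.{pra_field}={pra_dom}"
    header = f"{authserv_id}; spf={spf_result} smtp.mailfrom={spf_dom}; sender-id={sid_result} {sid_prop}"
    return header, spf_result, sid_result


if __name__ == "__main__":
    # Message relayed by newsletter.example's host: SPF fails on bank.example, Sender-ID passes on the PRA.
    print(authentication_results("mx.example", SAMPLE_MESSAGE,
                                 "alice@bank.example", "relay.newsletter.example", "198.51.100.5")[0])
    # Same message from bank.example's own host: the verdicts flip.
    print(authentication_results("mx.example", SAMPLE_MESSAGE,
                                 "alice@bank.example", "mail.bank.example", "192.0.2.10")[0])
```

Running it prints one header per case; the first shows spf=fail beside sender-id=pass, which is exactly the combination the thread says a single grouped "pass" definition cannot express. Emitting the identity property alongside each result is what lets a downstream filter tell which domain's policy a given "pass" actually refers to.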