mail-vet-discuss
[Top] [All Lists]

Re: [mail-vet-discuss] Straw consensus call on auth-header draft

2008-10-21 20:25:53


On Oct 14, 2008, at 2:24 PM, Murray S. Kucherawy wrote:


Douglas Otis wrote:
Agreed. However, when a domain attempts to assert control over the From header field using DKIM and ADSP, they must "pretend" to authenticate an email-address within the From header field.

I don't think we're talking about any such assertions here. We're only interested in protecting an Authentication-Results: header added by a border MTA on inbound mail. Seems like ADSP and even From: are somewhat irrelevant to this discussion.

The ADSP draft inhibits an assurance regarding _what_ the signing domain authenticated! The Author Signature definition limits a signing-domain's associated "on-behalf-of" identifier to being an email address within the From header field or to being _blank_. As a result, any intra-domain abuse can not be safely identified. One would be mistaken to assume the From email-address is always what a signing domain authenticates. No other assumption would be available without incurring an impractical second signature that is likely ignored anyway. Should one care about the damage created by an incorrect assumption regarding authentication, even when the assumption is signed by the border MTA? Perhaps this could be call the Assumed-Authentication-Results header. : )

-Doug

<Prev in Thread] Current Thread [Next in Thread>