Thanks for this, it makes sense. Some questions (may or may not have been discussed already or in your Internet draft):

1. The DKIM-Signature v=2 is only in the headers in the email, correct? Or, would a DKIM DNS record also have v=dkim2; ?

2. If there are multiple To: addresses, the verifier just checks to see if d= in any DKIM-Signature that validates matches any domain in the 5322.To: header?

3. Should we think about how this interacts with Authentication-Results stamping?

4. How does the sending MTA know when to stamp this v=2 DKIM header? Presumably, it would need to have a list of known forwarders stored somewhere?

-- Terry

-----Original Message-----
From: John Levine [mailto:[email protected]]
Sent: Thursday, June 19, 2014 5:38 PM
To: [email protected]
Cc: Terry Zink
Subject: Re: [dmarc-ietf] signature sample, was So if you don't want

Here's an example. The top signature is from the list, the second and third signatures were applied by the sender. The second is the normal signature and the third a weak conditional signature. The third has cs=fs which means it's only valid with an additional (forwarder) signature, and fs=t means that signature has to be from the domain on the To: line.

When the list does its thing, it invalidates the strong signature from the original sender, but it adds its own signature which satisfies the weak signature's condition, so the weak signature becomes valid.

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=s1024; d=discussionlists.org;
  h=From:To:Reply-To:Date:Subject:MIME-Version:Content-Type:List-Unsubscribe:Message-ID;
  bh=...
  b=<this is the signature added by the list on the way out>
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=s1024; d=sender.example;
  h=From:To:Reply-To:Date:Subject:MIME-Version:Content-Type:List-Unsubscribe:Message-ID;
  bh=...
  b=<this is a "strong" signature that covered the entire message and isn't valid any more>
DKIM-Signature: v=2; a=rsa-sha1; c=relaxed/relaxed; s=s1024; d=sender.example;
  h=From:To:Date; l=0; cs=fs; fs=t;
  bh=...
  b=<this is a "weak" forwarding signature that covers part of the message>
From: [email protected]
To: [email protected]
Subject: [discussion-l] cat videos lol
List-Id: <discussion.discussionlists.org>

blah blah

--
This is the discussion-l list, with a beautiful message footer.

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
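
The validity rule John Levine describes above (a cs=fs signature only counts when a forwarder signature is also valid, and fs=t ties that forwarder to a To: domain), as an added Python example that is not part of the thread or of the draft. The `crypto_ok` flag stands in for real DKIM hash and signature verification, the sample addresses are constructed, and accepting any one To: domain when there are several recipients is an assumption (the thread leaves that question open).

```python
import re
from email.utils import getaddresses

def parse_tags(value):
    """Split a DKIM-Signature header value into a {tag: value} dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def to_domains(to_header):
    """Lower-cased domains of every address on the To: line."""
    return {a.rsplit("@", 1)[1].lower()
            for _, a in getaddresses([to_header]) if "@" in a}

def evaluate(signatures, to_header):
    """signatures: list of (header value, crypto_ok), top header first.
    crypto_ok is a stand-in for the real bh=/b= verification.
    Returns one verdict per signature, in the same order."""
    parsed = [(parse_tags(v), ok) for v, ok in signatures]
    # Domains holding a valid signature that carries no condition of its own.
    # Assumption: a conditional signature cannot satisfy another condition.
    unconditional = {t["d"].lower() for t, ok in parsed if ok and "cs" not in t}
    verdicts = []
    for tags, ok in parsed:
        if not ok:
            verdicts.append("fail")
        elif "cs" not in tags:
            verdicts.append("pass")
        elif tags["cs"] == "fs" and tags.get("fs") == "t":
            # Needs a forwarder signature from a To: domain.
            # Assumption: with several recipients, any one domain suffices.
            met = unconditional & to_domains(to_header)
            verdicts.append("pass" if met else "condition-unmet")
        else:
            verdicts.append("unknown-condition")
    return verdicts

# Constructed sample modelled on the message above (addresses are made up).
LIST_SIG = "v=1; a=rsa-sha1; s=s1024; d=discussionlists.org; h=From:To:Date; bh=...; b=..."
STRONG = "v=1; a=rsa-sha1; s=s1024; d=sender.example; h=From:To:Date:Subject; bh=...; b=..."
WEAK = "v=2; a=rsa-sha1; s=s1024; d=sender.example; h=From:To:Date; l=0; cs=fs; fs=t; bh=...; b=..."
TO = "discussion-l@discussionlists.org"

if __name__ == "__main__":
    print(evaluate([(LIST_SIG, True), (STRONG, False), (WEAK, True)], TO))
    print(evaluate([(WEAK, True)], TO))
```

The second call models the weak signature arriving without any forwarder signature: it verifies cryptographically but its condition is not met, so it must not be treated as a pass.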
