Re: [dmarc-ietf] OpenDKIM ADSP, DMARC and ATPS support

Wed, 29 Apr 2015 13:18:51 -0700 

On 4/29/2015 3:09 PM, Murray S. Kucherawy wrote:

On Wed, Apr 29, 2015 at 10:16 AM, Hector Santos <[email protected]
<mailto:[email protected]>> wrote:

    I downloaded OpenDKIM source code to see whats it offers. I
    believe I saw:

    o ADSP was no longer supported, pulled. Grep showed one instance
    of an inline comment referring to ADSP.


Correct.

    o ATPS was offered, but I failed to see how it was hooked into
    ADSP because it ADSP was pulled.


It has nothing to do with ADSP.

    o DMARC was offered.


OpenDKIM doesn't know anything about DMARC other than the fact that
"dmarc=" is an Authentication-Results field is not a syntax error.
OpenDKIM runs in the milter stream before OpenDMARC does, and
OpenDMARC consumes the results OpenDKIM provides.

    ATPS was suppose to be based off the ADSP record with the optional
    tag "atps=y" I believe that is how it worked.  If the "atps=y" was
    present in the ADSP record, then ATPS was supported and an
    ATPS_Hash(ADID, SDID) lookup was done.


Nope.  See RFC6541.
huh? Ok, I see what happen, I was working off early drafts when ATPS was an extension to ADSP. I can see it changed in rev 05 and in the final RFC6541 production it was made an in-band extension to DKIM.
I don't have time to read it all now at the moment, but it is only meaningful when a DKIM signature is present? What happens when it is missing?
I wanted to keep a extension to the policy lookup that was already being done. No change to DKIM was necessary. Could this be a reason why they was no traction? I can see why now. It required a change to the DKIM engine.
As an extension to ADSP as the original proof of concept was (often the best idea), what I did was two new tags: 

   asl=[list of resigners]
   atps=y                    use ATPS
This allows for a small and large scale. I only need 10 domains and I can fit domain in my "asl=" tag. Large scale can use atps=y instead. 

So does DKIM require the atps|atpsh tag before an ATPS lookup can be done?


--
HLS


_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc

Reply via email to