> You're either saying this change belongs in DKIM (which then ascribes special
> meaning to this kind of signature combination, or to "v=2" signatures, or
> something), or you're leaving DKIM alone and saying that the analysis logic
> appears in DMARC.

I want to rescind my DKIM v=2 and put the analysis logic entirely in DMARC.

> What advantage does this have over John's proposal? It actually looks more
> complicated to me, because it spans the divide between DKIM and DMARC. John's
> proposal is completely contained within DKIM.

John’s proposal changes DKIM but also requires additional changes in DMARC to respect the changes that were made to DKIM when doing alignment (the @fs=domain is more or less the same as the Original-To below). If I rescind my DKIM v=2 to only v=1, then it requires changes to DMARC analysis logic (which John’s would have required anyhow to extract the @fs and compare to the from address); and, requires some configuration changes to senders in DKIM but no code change (unless adding a second signature requires a code change).

-- Terry

From: Murray S. Kucherawy [mailto:[email protected]]
Sent: Tuesday, May 5, 2015 12:39 PM
To: Terry Zink
Cc: John Levine; [email protected]
Subject: Re: [dmarc-ietf] OpenDKIM ADSP, DMARC and ATPS support

On Tue, May 5, 2015 at 12:28 PM, Terry Zink <[email protected]> wrote:

From: Joe User <[email protected]>
*** To: [email protected]
Original-To: [email protected] ***
Subject: [BIRDWATCHERS] Hi, I'm Joe from the northeast!
[...]
DKIM-Signature: v=1; d=yahoo.com; h=from:date:subject:to:mime-version:message-id:content-type:original-to;
DKIM-Signature: v=2; d=yahoo.com; l=0; h=from:date:to:mime-version:message-id:content-type:original-to;
*** DKIM-Signature: v=1; d=birdwatchers.org; h=from:date:to:mime-version:message-id:content-type:original-to; ***
List-Id: "Birdwatchers in the Northeast" <[email protected]>
[...]

- This would be an add-on to DMARC and an add-on to DKIM, but not a big one. In fact, the DKIM-Sign v=2 could be v=1.

DMARC would know not to align a weak DKIM signature (l=0) with DMARC by itself (indeed, we are basically saying l=0 should not be used for normal DKIM trust relationships). So it’s no add on to DMARC.

You're either saying this change belongs in DKIM (which then ascribes special meaning to this kind of signature combination, or to "v=2" signatures, or something), or you're leaving DKIM alone and saying that the analysis logic appears in DMARC.

What advantage does this have over John's proposal? It actually looks more complicated to me, because it spans the divide between DKIM and DMARC. John's proposal is completely contained within DKIM.

-MSK
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
