On 9/29/2020 10:46 AM, Alessandro Vesely wrote:
On Tue 29/Sep/2020 19:26:21 +0200 Dave Crocker wrote:
On 9/29/2020 6:40 AM, Hector Santos wrote:
On 9/27/2020 11:44 PM, Dave Crocker wrote:
DKIM has a single signature binding requirement, the 5322.From
DMARC establishes the relationship.
I don't read it that way.
DKIM binds the signer d= domain and the from.domain with no
enforcement on it nor any indication that they are related when they
not the same (the missing link).
Absolutely not. Please re-read the DKIM specification more
carefully. It is quite explicit that it is doing not doing this.
I think that by "binding" Hector meant this:
5.4. Determine the Header Fields to Sign
The From header field MUST be signed (that is, included in the "h="
tag of the resulting DKIM-Signature header field).
https://tools.ietf.org/html/rfc6376#section-3.4
The spec doesn't say why, but obviously holds that the From: domain is
a specially meaningful one. There are various other passages, for
example:
Sigh, yes. It has caused this misunderstanding, from the start.
It was imposed on the working group by an IETF Area Director and was
agreed to as an expedient.
But, sigh, no. It does not carry any of the semantic import being
claimed in the current discussion.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
