-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In message <[email protected] il.com>, Douglas Foster <[email protected]> writes
>My core observation is that: > "SPF and DKIM can only indicate the original authentication state of >the message when the test is based on the state of the message at >origination." >Are you taking issue with this problem statement, or simply taking issue >because the solution to the problem is difficult? no, I was only drawing attention to various issues in your working thereafter ... but since you ask, and since SPF says nothing about the content of a message then it hardly attests to its original "state", it merely hints at its provenance >From my reading of the DKIM2 plan, they accept my problem statement and are >intending to solve the missing information problem by requiring >documentation of message state at each hop, and mitigate the trust problems >by adding stronger signatures at each hop. the last part of that paragraph is correct ... but there's a bit more to it than just blindly adding signatures >Assigning a DKIM signature to a server can be done if one assumes that DKIM >signatures will be added as trace fields. that is what RFC6376 says SHOULD happen >This is commonly the case, >especially when added by an outbound gateway service. So it is pretty >easy to tell whether a signature was added by a gateway service or the >originator. assuming no re-ordering and the correct addition of Received: trace fields then yes, otherwise no >My implementation of a solution may not be robust enough to meet standards >track criteria, but the problem that creates the solution needs to be >clearly documented, and the general nature of a solution should be >sketched. Do you have a problem with that? I think you should pay more attention to DKIM2 and less to trying to leverage manual methods (and/or those that require Received headers to be parsed) into DMARCbis. - -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755 -----BEGIN PGP SIGNATURE----- Version: PGPsdk version 1.7.1 iQA/AwUBZzJiq92nQQHFxEViEQJDdwCePvbnpHyuGhT39J70lesDESfrPnsAn1YI 5aWj+lT5rNBQPjmWCt46NZPd =JfRX -----END PGP SIGNATURE----- _______________________________________________ dmarc mailing list -- [email protected] To unsubscribe send an email to [email protected]
