-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In message <[email protected]
il.com>, Douglas Foster <[email protected]> writes

>My core observation is that:
>    "SPF and DKIM can only indicate the original authentication state of
>the message when the test is based on the state of the message at
>origination."
>Are you taking issue with this problem statement, or simply taking issue
>because the solution to the problem is difficult?

no, I was only drawing attention to various issues in your working
thereafter ... but since you ask, and since SPF says nothing about the
content of a message then it hardly attests to its original "state", it
merely hints at its provenance

>From my reading of the DKIM2 plan, they accept my problem statement and are
>intending to solve the missing information problem by requiring
>documentation of message state at each hop, and mitigate the trust problems
>by adding stronger signatures at each hop.

the last part of that paragraph is correct ... but there's a bit more to
it than just blindly adding signatures

>Assigning a DKIM signature to a server can be done if one assumes that DKIM
>signatures will be added as trace fields.   

that is what RFC6376 says SHOULD happen

>This is commonly the case,
>especially when added by an outbound gateway service.   So it is pretty
>easy to tell whether a signature was added by a gateway service or the
>originator.

assuming no re-ordering and the correct addition of Received: trace
fields then yes, otherwise no

>My implementation of a solution may not be robust enough to meet standards
>track criteria, but the problem that creates the solution needs to be
>clearly documented, and the general nature of a solution should be
>sketched.  Do you have a problem with that?

I think you should pay more attention to DKIM2 and less to trying to
leverage manual methods (and/or those that require Received headers to
be parsed) into DMARCbis.

- -- 
richard                                                   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary 
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBZzJiq92nQQHFxEViEQJDdwCePvbnpHyuGhT39J70lesDESfrPnsAn1YI
5aWj+lT5rNBQPjmWCt46NZPd
=JfRX
-----END PGP SIGNATURE-----

_______________________________________________
dmarc mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to