Hector Santos wrote:
> Tony,
> 
> I see your point.
> 
> Does this presume that BS will be taking responsibility for the original
> domain?

Of course not; BS is taking responsibility for its domain. Hence its
signing of the Resent-From: header.

> If Resent-From: becomes the source for DKIM verification, in essence, it has
> become a 3rd party signature system in the eyes of downlink verifiers?  Yes?

No; it's a 1st party signature system for the forwarder.

> If it is viewed as a brand new submission, then I think it is more
> consistent, but this is why SSP plays a vital role here.

Yes, it's a brand new submission, but acknowledging that the message is
being resent from a previous sender.

> As long as we have uncontrolled potential of 3rd party signers, we will also
> have a big mess of who is truly valid or not, especially when it comes to
> unsigned original mail.
> 
> In my view, the DKIM compliant BS server (router/resender) should be "picky"
> on what it signs as original or as a resend.  This is where SSP helps.
> 
> Also another not so minor point:
> 
> Will DKIM mandate support for RESENT-* fields?  That's an awful big jump if
> so.

We already do. See section 5.4.

        Tony Hansen
        [EMAIL PROTECTED]

> --
> Hector Santos, Santronics Software, Inc.
> http://www.santronics.com
> 
> 
> ----- Original Message -----
> From: "Tony Hansen" <[EMAIL PROTECTED]>
> To: <[email protected]>
> Sent: Thursday, July 13, 2006 9:02 AM
> Subject: Re: [ietf-dkim] Draft minutes...
> 
> 
>> Person A sends the message to Person B. A's server AS does not sign the
>> message. Person B decides to resend the message to Person C, and B's
>> server BS duly adds a Resent-From: header and does signing.
>>
>> As far as BS is concerned, the Resent-From: header is the one that
>> *should* be signed, not the From: header.
>>
>> Tony Hansen
>> [EMAIL PROTECTED]
>>
>> Hector Santos wrote:
>>> ----- Original Message -----
>>> From: "william(at)elan.net" <[EMAIL PROTECTED]>
>>>
>>>> So if message has Resent-From field would SSP check be done against From
>>>> or Resent-From or both?
>>> The verification is already done before the Resent-From was added.
>>> i.e., Resent-* should not be in original mail.
>>>
>> _______________________________________________
>> NOTE WELL: This list operates according to
>> http://mipassoc.org/dkim/ietf-list-rules.html
>>
> 
> 