On 3/3/2010 10:32 PM, Eliot Lear wrote: > Certainly. In a nut shell, the problem is at the implementation end > between the MUA and the signer. The common signers out there will only > do so for certain domains, and they will generally only do so, based on > the From: line. Here is where the confusion sets in. If an MUA sees an > address, such as the following:
Confusion, indeed. In what way is the From: line relevant to DKIM, other than being part of the header field hash? I believe we are not in any way implying any changes to the hashing algorithm, since DKIM does not do field-specific processing. (For example, it cannot know all of the possible address header fields.) > From: Eliot Lear =?iso-8859-1?Q?<l...@klapsm=fchle.ch>?= > > When the signer sees this, it could upgrade to get klapsmühle.ch, and > then check the punycode version of that. Things get more confused in > EAI, because there 8-bit MIME floating around. If you sign 8-bit MIME > and a downgrade occurs, the game is over, and the signature is invalidated. Ahh, well, the DKIM specification does not provide text that guides selection of the d= value. So, yes, the signer might have differential signing practices based on the From: field, but that's outside the scope of the specification. What am I missing? d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
