MH Michael Hammer (5304) wrote:
>
>> -----Original Message-----
>> From: [email protected] [mailto:ietf-dkim-
>> [email protected]] On Behalf Of Murray S. Kucherawy
>> Sent: Wednesday, October 20, 2010 1:55 PM
>> To: [email protected]
>> Subject: Re: [ietf-dkim] double header reality check
>>
>
> <SNIP>
>
>> There has been talk of applying DKIM to technologies like
>> Usenet and HTTP output. Packing DKIM with mail-specific
>> verification requirements could prevent such things from happening.
>> Shall we also add a "but only when used in the email context" clause?
> Seeing as the M in DKIM stands for Mail, we don't have to put a "but
> only when used in the email context" clause. If a DKIM like approach is
> used for other protocols then we might reasonably text specific to those
> protocols - DKIH (Domain Keys Identified HTML as an example).
I guess because we are already integrated with different mail formats,
I don't see the difference other than having implementation specific
setup features.
For example a signing setup with a target rule
Signer Domain::Target Domain
where the association will enforce certain headers to be signed.
In the case of usenet (or nntp specifically), the considerations might be:
- enforce Path: header
- enforce (maybe) Newsgroups: header
- relaxed signing To: header (since its To: ALL for news)
But if you want to see how email is gated into public newsgroup areas,
check out
news://news.winserver.com
(use an anonymous account to login).
You will see how newsgroups are used for various list. One for the
IETF-DRAFT submissions and other list areas shown as local public
newsgroups.
One of interest where DKIM is used is the SPF-DISCUSS list/newsgroup
where you can see the 10/17/2010 article titled:
[spf-discuss] SPF Mail Summary Report
and if you view the message source and headers, you will see the
Authorization-Results: header:
Authentication-Results: dkim.winserver.com;
dkim=pass header.i=listbox.com header.d=listbox.com header.s=launch;
adsp=fail policy=all author.d=winserver.com asl.d=listbox.com
(unauthorized signer);
dkim=fail (DKIM_BODY_HASH_MISMATCH) header.i=winserver.com
header.d=winserver.com header.s=tms1;
adsp=pass policy=all author.d=winserver.com signer.d=winserver.com
(originating signer);
When our system generated the weekly Summary Report, it was DKIM
signed and exported to the spf-discuss mailing list. The list server
than broke and resigned it and when the copy came back to us, it will
DKIM verified and put into the newsgroup area.
--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
