Re: [ietf-dkim] Output summary - Communicating Results

Sun, 01 May 2011 00:05:27 -0700 

I'm starting a separate thread for the considered intro text discussion.

This response attempts to provide DKIM in-scope justification why two 
additional outputs should be part of a more "DKIM Complete Output" 
summary.

Murray S. Kucherawy wrote:

> That's probably true, but that is also completely different 
> from necessitating a change to the mandatory output.

Maybe this is about "DKIM Output Complete " rather to redundant burn 
in of what is mandatory.  Everyone already knows SDID is a mandatory 
output for trust based assessor.  The proposed text did say other 
outputs are possible, but I believe there is a minimal set of in-scope 
outputs that we know are useful bits of information because of what 
implementators are showing.

Let me use ODID (Originating Domain Identity) to help describe this.

I believe we have four minimal in-scope outputs that is consistent 
with the DKIM Service Architecture (RFC5585),  Identity Assessor 
Layers and Reporting recommendations.

    RCODE  result code)
    SDID   d=, described as a MUST for (trust) assessors
    AUID   i=, described as a MAY for assessors
    ODID   Domain part of From: address.

There is nothing new here and I believe satisfies IETF protocol 
design, bis work and DS considerations. It reflects current 
implementations, doesn't change code and definitely helps future 
implementors.

Justifying ODID is simple:

The ODID is an optional requirement in the complete software 
engineering design described in the DKIM Service Architecture [RFC5585].

While ODID is an optional consideration for implementors to support 
the Checking Signing Practices (ADSP) module, it is nonetheless part 
of the RFC described DKIM Service Architecture.  Therefore for 
RFC4871bis to be consistent with RFC5585, it needs to explicitly 
expose the ODID as part of the DKIM Complete Output.

Justifying AUID is simple as well.

Dave's MLM shows an A-R (using Thomas's list post):

  Authentication-Results: sbh17.songbird.com;
    dkim=pass (1024-bit key) header.i=m...@mtcc.com

It only shows the AUID. This suggest existing implementations are 
using the DKIM recommended A-R reporting method and needs the AUID as 
part of a DKIM Complete Outputs.

-- 
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html

Reply via email to