Re: [apps-discuss] WGLC on draft-ietf-appsawg-rfc5451bis-00

[Alessandro Vesely <vesely@tana.it>]

On Thu 16/May/2013 16:27:00 +0200 Murray S. Kucherawy wrote:
> On Thu, May 16, 2013 at 6:24 AM, Alessandro Vesely <vesely@tana.it> wrote:
> 
>> One is the DNS White List (dnswl) method, used by Courier (mentioned
>> in Appendix E).  It writes:
>>
>>   Authentication-Results: wmail.tana.it;
>>       dnswl=pass dns.zone=list.dnswl.org
>>       policy.ip=127.0.9.1
>>       policy.txt="ietf.org http://dnswl.org/s?s=1703"
>>
>> Since it was me who suggested to use Authentication-Results, I think
>> it's up to me to register that.  I'm waiting for this I-D to get
>> published so as to avail of Designated Expert rather than IETF review.
>
> To be consistent with the other registered methods, the policy.ip and
> policy.txt things wouldn't be included.  A-R is meant to provide results
> and return details of what visible parts of a message were evaluated (e.g.,
> header fields, SMTP properties).  The client IP isn't one of those, nor is
> resulting text.

That's not a client IP, but the return value of the lookup.  Passing
that value to downstream filters is the whole point of adding this
header field, otherwise it would have to be looked up again.  Details
such as DKIM's key length, IMHO, are often in a comment because they
are of minor importance, not because they are not a visible part of
the message.)

The policy.txt is important as it contains a domain name.  Albeit A-R
is not intended to be restricted to domain-based authentication,
that's by far the most common case, a granularity that was settled
many years ago.  By indicating a "somewhat responsible" entity, the
method is semantically consistent with that strategy.