Re: [ietf-dkim] [Fwd: RFC 5617 on DomainKeys Identified Mail (DKIM) Author Domain Signing Practices (ADSP)]
hector <gmail.sant9442@winserver.com> Sat, 15 August 2009 11:35 UTC
Return-Path: <ietf-dkim-bounces@mipassoc.org>
X-Original-To: ietfarch-ietf-dkim-archive@core3.amsl.com
Delivered-To: ietfarch-ietf-dkim-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 083BE3A6946 for <ietfarch-ietf-dkim-archive@core3.amsl.com>; Sat, 15 Aug 2009 04:35:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.646
X-Spam-Level:
X-Spam-Status: No, score=-1.646 tagged_above=-999 required=5 tests=[AWL=-0.847, BAYES_00=-2.599, J_CHICKENPOX_43=0.6, J_CHICKENPOX_47=0.6, J_CHICKENPOX_93=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f75UvIx8TA-n for <ietfarch-ietf-dkim-archive@core3.amsl.com>; Sat, 15 Aug 2009 04:35:03 -0700 (PDT)
Received: from sbh17.songbird.com (unknown [IPv6:2001:470:1:76:0:ffff:4834:7147]) by core3.amsl.com (Postfix) with ESMTP id E83B33A6926 for <ietf-dkim-archive@ietf.org>; Sat, 15 Aug 2009 04:35:02 -0700 (PDT)
Received: from sbh17.songbird.com (sbh17.songbird.com [127.0.0.1]) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id n7FBX7wl021438; Sat, 15 Aug 2009 04:33:38 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=mipassoc.org; s=k00001; t=1250336028; bh=IiQvQl1YKzhzZh0yt5grCKRUdpg=; h=Message-ID:Date: From:MIME-Version:To:References:In-Reply-To:Cc:Subject:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: Content-Type:Content-Transfer-Encoding:Sender; b=OCvJJ1frgno4QzhQd hlS2PyvR4mjyUz51HmRSRggqgMNNt9sYbbLudZa36e+J3uo8ZVtlrFcJKazks1cxAYT 5TQjL6LQ0hdGh2WX1zKmAulcBjiqLxK6jse1KTcgVc3Ir1BS5wUsB6tgd1tHTuM+8UR qFzMeyi1cX/8AJLV8gA8=
Received: from mail-yw0-f200.google.com (mail-yw0-f200.google.com [209.85.211.200]) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id n7FBWxF9021411 for <ietf-dkim@mipassoc.org>; Sat, 15 Aug 2009 04:33:04 -0700
Authentication-Results: sbh17.songbird.com; dkim=pass (1024-bit key) header.i=@gmail.com
Received: by ywh38 with SMTP id 38so2636949ywh.20 for <ietf-dkim@mipassoc.org>; Sat, 15 Aug 2009 04:32:59 -0700 (PDT)
Received: by 10.91.142.8 with SMTP id u8mr1597609agn.102.1250335978904; Sat, 15 Aug 2009 04:32:58 -0700 (PDT)
Received: from adsl-215-50-126.mia.bellsouth.net (99-3-147-93.lightspeed.miamfl.sbcglobal.net [99.3.147.93]) by mx.google.com with ESMTPS id 38sm1854852agd.49.2009.08.15.04.32.57 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sat, 15 Aug 2009 04:32:58 -0700 (PDT)
Message-ID: <4A869CE6.2000608@winserver.com>
Date: Sat, 15 Aug 2009 07:32:54 -0400
From: hector <gmail.sant9442@winserver.com>
User-Agent: Thunderbird 2.0.0.0 (Windows/20070326)
MIME-Version: 1.0
To: Jim Fenton <fenton@cisco.com>
References: <4A85987A.8010006@cisco.com>
In-Reply-To: <4A85987A.8010006@cisco.com>
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.0 (sbh17.songbird.com [127.0.0.1]); Sat, 15 Aug 2009 04:33:48 -0700 (PDT)
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.70]); Sat, 15 Aug 2009 04:33:05 -0700 (PDT)
Cc: IETF DKIM WG <ietf-dkim@mipassoc.org>
Subject: Re: [ietf-dkim] [Fwd: RFC 5617 on DomainKeys Identified Mail (DKIM) Author Domain Signing Practices (ADSP)]
X-BeenThere: ietf-dkim@mipassoc.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DKIM Discussion List <ietf-dkim.mipassoc.org>
List-Unsubscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=unsubscribe>
List-Archive: <http://mipassoc.org/pipermail/ietf-dkim>
List-Post: <mailto:ietf-dkim@mipassoc.org>
List-Help: <mailto:ietf-dkim-request@mipassoc.org?subject=help>
List-Subscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ietf-dkim-bounces@mipassoc.org
Errors-To: ietf-dkim-bounces@mipassoc.org
Congratulations on getting this published. Hopefully, it will taken serious by many domains to help provide a reasonable return on DKIM processing. In lieu of a standardized (and public) reputation system, network, ADSP can give some value. I have a few questions seeking clarification, confirmation mostly, because if I'm going to begin to implement DKIM with an ADSP focus for our customers, we will need to be able translate the information in the spec into easy to understand documented and online "Help" for customers. 1) With the policies: dkim=all vs dkim=discardable In layman terms, one is actionable (discardable) and one is not (all). One is an "Error" resulting in a reject, one is a "Warning" not resulting in a reject, in both cases, can be logged/recorded? Our GUI setup may show it like so for example: Author Domain: domain.example DKIM Signing Policy: (o) unknown - your mail may be signed (_) all - Your mail are always sign, however verifiers SHOULD NOT reject invalid signatures. (_) discardable - Your mail are always sign, and verifiers MUST reject invalid signatures. [ PUBLISH ] [CANCEL ] Is that the basic translation and fair way to put it? 2) DKIM=UNKNOWN Is there any actionable logic for optional signing? I mean, you may not always sign, but if you do, it must not be invalid? I just want to make sure in our help/doc to indicate whether publishing with unknown is the same as no ADSP record. One is explicit, the other is implicit. I may not always sign, but if I do, take it serious. Having no records could be viewed you don't care either way. I guess as it seems to be now, it would be a "Warning" but still acceptable (no rejection on this basis). But see the tail end of 3. 3) Finally 3rd party signatures. Please believe me I don't wish to rehash this. It was the one thing that I really felt will help domains. Not so much in defining the difficult task for valid use cases for the inclusion of 3rd signature policies, but rather the exclusion of 3rd parties. For example, appendix B.4 says: B.4. Third-Party Senders Another common use case is for a third party to enter into an agreement whereby that third party will send bulk or other mail on behalf of a designated Author or Author Domain, using that domain in the [RFC5322] From: or other headers. Due to the many and varied complexities of such agreements, third-party signing is not addressed in this specification. Ok, I accept this, we had hard time defining 3rd party situations. But this is not the same as the one hard logical conclusion a domain may have: He doesn't do 3rd party signatures nor expect it. So it seems me that the explicit declaration of a ADSP policy, the only options provided to prevent it are the explicit DKIM=ALL and DKIM=DISCARDABLE declarations. However, does the explicit DKIM=UNKNOWN declaration also imply exclusive Author Domain Signing? An explicit DKIM=UNKNOWN should suggest ADSP operations only, even if the signature is optional. Is that a correct or incorrect consideration? Thanks --- Jim Fenton wrote: > I haven't seen this announcement here, probably because > rfc-editor@rfc-editor.org doesn't subscribe to this list. > > -------- Original Message -------- > Subject: RFC 5617 on DomainKeys Identified Mail (DKIM) Author Domain > Signing Practices (ADSP) > Date: Wed, 12 Aug 2009 16:53:22 -0700 (PDT) > From: rfc-editor@rfc-editor.org > To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org > CC: ietf-dkim@mipassoc.org, rfc-editor@rfc-editor.org > Newsgroups: gmane.ietf.announce,gmane.ietf.dkim > > > A new Request for Comments is now available in online RFC libraries. > > > RFC 5617 > > Title: DomainKeys Identified Mail (DKIM) Author > Domain Signing Practices (ADSP) > Author: E. Allman, J. Fenton, > M. Delany, J. Levine > Status: Standards Track > Date: August 2009 > Mailbox: eric+dkim@sendmail.org, > fenton@cisco.com, > markd+dkim@yahoo-inc.com, > standards@taugh.com > Pages: 21 > Characters: 43093 > Updates/Obsoletes/SeeAlso: None > > I-D Tag: draft-ietf-dkim-ssp-10.txt > > URL: http://www.rfc-editor.org/rfc/rfc5617.txt > > DomainKeys Identified Mail (DKIM) defines a domain-level > authentication framework for email to permit verification of the > source and contents of messages. This document specifies an adjunct > mechanism to aid in assessing messages that do not contain a DKIM > signature for the domain used in the author's address. It defines a > record that can advertise whether a domain signs its outgoing mail as > well as how other hosts can access that record. [STANDARDS TRACK] > > This document is a product of the Domain Keys Identified Mail Working > Group of the IETF. > > This is now a Proposed Standard Protocol. > > STANDARDS TRACK: This document specifies an Internet standards track > protocol for the Internet community,and requests discussion and suggestions > for improvements. Please refer to the current edition of the Internet > Official Protocol Standards (STD 1) for the standardization state and > status of this protocol. Distribution of this memo is unlimited. > > This announcement is sent to the IETF-Announce and rfc-dist lists. > To subscribe or unsubscribe, see > http://www.ietf.org/mailman/listinfo/ietf-announce > http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist > > For searching the RFC series, see http://www.rfc-editor.org/rfcsearch.html. > For downloading RFCs, see http://www.rfc-editor.org/rfc.html. > > Requests for special distribution should be addressed to either the > author of the RFC in question, or to rfc-editor@rfc-editor.org. Unless > specifically noted otherwise on the RFC itself, all RFCs are for > unlimited distribution. > > > The RFC Editor Team > USC/Information Sciences Institute > > _______________________________________________ > NOTE WELL: This list operates according to > http://mipassoc.org/dkim/ietf-list-rules.html _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html