Re: [ietf-dkim] ADSP Informative Note on parent domain signing

Jim Fenton <fenton@cisco.com> Tue, 07 April 2009 22:13 UTC

Message-ID: <49DBC748.9030508@cisco.com>
Date: Tue, 07 Apr 2009 14:36:08 -0700
From: Jim Fenton <fenton@cisco.com>
To: Douglas Otis <doug.mtview@gmail.com>
References: <49DA9211.7050001@cisco.com> <CFEE7C04-B549-4137-851D-F5C210E422CB@mail-abuse.org>
In-Reply-To: <CFEE7C04-B549-4137-851D-F5C210E422CB@mail-abuse.org>
Cc: IETF DKIM WG <ietf-dkim@mipassoc.org>
Subject: Re: [ietf-dkim] ADSP Informative Note on parent domain signing

Douglas Otis wrote:
>
> On Apr 6, 2009, at 4:36 PM, Jim Fenton wrote:
>
>> There remains some disagreement on whether the "informative note"
>> contained in the last paragraph of the text I proposed on March 27
>> should appear in the ADSP draft.  The note said:
>>
>>> Informative Note:  ADSP is incompatible with DKIM signing by parent
>>> domains described in section 3.8 of [RFC4871] in which a signer uses
>>> "i=" to assert that a parent domain is signing for a subdomain.
>>
>> This would replace the Note in draft-ietf-dkim-ssp-09, section 2.7.
>
> ### This note is not correct.  The incompatibility is not dependent
> upon the i= value, which might be omitted.
>
> Informative Note:  ADSP is incompatible with DKIM signing by parent
> domains described in section 3.8 of [RFC4871] when a parent domain
> signs for a sub-domain within an email-address.  ADSP requires the
> From email-address domain (Author Domain) and the signing domain
> (SDID) to be the same.
>
But what section 2.7 talks about has to do with the use of the i=
value.  Without the i= value, Parent Domain Signing (as defined there)
doesn't exist.

Have a look at the alternate wording I proposed in response to Ellen's
message and let me know what you think of that.

-Jim
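
An added illustration, not part of either message and not taken from RFC 4871 or the ADSP draft: it evaluates the two properties the thread is arguing about, whether i= names a subdomain of d= and whether the From domain equals the SDID, for three constructed signatures. The function names, the example.com addresses and the selector are assumptions, and the signatures are treated as already verified.

```python
import re
from email.utils import parseaddr

def parse_tags(sig):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in sig.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def classify(from_header, dkim_signature):
    """Relate one signature to the From address (verification assumed done)."""
    tags = parse_tags(dkim_signature)
    sdid = tags["d"].lower()
    # RFC 4871: an absent i= defaults to "@" followed by the d= value.
    auid_domain = tags.get("i", "@" + sdid).lower().rsplit("@", 1)[1]
    if auid_domain != sdid and not auid_domain.endswith("." + sdid):
        raise ValueError("i= domain must equal d= or be a subdomain of it")
    author_domain = parseaddr(from_header)[1].rsplit("@", 1)[1].lower()
    return {
        # i= asserts that d= is signing on behalf of one of its subdomains.
        "i_names_subdomain": auid_domain != sdid,
        # Rule quoted in the thread: Author Domain and SDID must be the same.
        "adsp_match": author_domain == sdid,
    }

# Constructed samples; bh= and b= are left out because nothing is verified here.
FROM = "Alice <alice@sales.example.com>"
SAMPLES = {
    "parent signs, i= names subdomain":
        "v=1; a=rsa-sha256; d=example.com; s=sel1; i=@sales.example.com; h=from",
    "parent signs, i= omitted":
        "v=1; a=rsa-sha256; d=example.com; s=sel1; h=from",
    "subdomain signs for itself":
        "v=1; a=rsa-sha256; d=sales.example.com; s=sel1; h=from",
}

def run_samples():
    return {label: classify(FROM, sig) for label, sig in SAMPLES.items()}

if __name__ == "__main__":
    for label, result in run_samples().items():
        print(f"{label}: {result}")
```

The first two samples differ only in the i= property; both fail the domain comparison, and only the third passes it.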
