Re: [ietf-dkim] ADSP Informative Note on parent domain signing

"Siegel, Ellen" <esiegel@constantcontact.com> Tue, 07 April 2009 20:59 UTC

From: "Siegel, Ellen" <esiegel@constantcontact.com>
To: Jim Fenton <fenton@cisco.com>, IETF DKIM WG <ietf-dkim@mipassoc.org>
Date: Tue, 07 Apr 2009 16:58:38 -0400

> There remains some disagreement on whether the "informative note"
> contained in the last paragraph of the text I proposed on March 27
> should appear in the ADSP draft.  The note said:
> 
> > Informative Note:  ADSP is incompatible with DKIM signing by parent
> > domains described in section 3.8 of [RFC4871] in which a signer uses
> > "i=" to assert that a parent domain is signing for a subdomain.
> >
> This would replace the Note in draft-ietf-dkim-ssp-09, section 2.7.
> 
> Thus far, I feel it should be included and John Levine and Dave Crocker
> feel it shouldn't.  May we have guidance from others in the Working
> Group, please?
> 

I think it may be the "incompatible" that's causing the disagreement. ADSP is not incompatible with that signing configuration; it would just require that a second signature be added.

Maybe something more like the following?

"ADSP should not be used for domains that use "i=" values to enable a parent domain to sign for a subdomain (as described in section 3.8 of [RFC4871]) unless an additional signature where the "d=" domain matches the "i=" domain is added."

Ellen 
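
The configuration discussed in this message, as an added example that is not part of the original post or of any DKIM implementation: it classifies a message's DKIM signatures to show that a parent-domain signature alone does not supply a signature whose "d=" equals the author domain, while the additional signature proposed above does. Assumptions: the signatures have already been cryptographically verified, an ADSP-qualifying signature is taken to be one whose "d=" equals the author (From) domain, and the domains and tag values are constructed samples with "bh=" and "b=" omitted.

```python
def parse_tags(header_value):
    """Parse a DKIM-Signature tag=value list into a dict, dropping folding whitespace."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())
    return tags


def identity_domain(tags):
    """Domain part of i=; RFC 4871 defaults i= to '@' + d= when the tag is absent."""
    d = tags["d"].lower()
    i_domain = tags.get("i", "@" + d).rsplit("@", 1)[-1].lower()
    # RFC 4871: the i= domain must be d= itself or a subdomain of d=.
    if i_domain != d and not i_domain.endswith("." + d):
        raise ValueError("i= domain %r is not within d= %r" % (i_domain, d))
    return i_domain


def classify(author_domain, verified_signatures):
    """Return (has_author_domain_signature, parent_signed_for_author).

    Assumption: every entry in verified_signatures already passed DKIM verification.
    """
    author = author_domain.lower()
    has_ads = False
    parent_signed = False
    for value in verified_signatures:
        tags = parse_tags(value)
        i_domain = identity_domain(tags)
        if tags["d"].lower() == author:
            has_ads = True          # d= matches the author domain
        elif i_domain == author:
            parent_signed = True    # parent d= vouching for a subdomain via i=
    return has_ads, parent_signed


# Constructed sample data: a parent domain signing for a subdomain via i=.
AUTHOR_DOMAIN = "news.example.com"
PARENT_ONLY = ["v=1; a=rsa-sha256; d=example.com; i=@news.example.com; s=sel1"]
# The same message with the additional signature whose d= matches the i= domain.
WITH_SECOND = PARENT_ONLY + ["v=1; a=rsa-sha256; d=news.example.com; s=sel2"]

if __name__ == "__main__":
    print(classify(AUTHOR_DOMAIN, PARENT_ONLY))   # parent signature only
    print(classify(AUTHOR_DOMAIN, WITH_SECOND))   # with the second signature
```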
