Re: [spfbis] Error in RFC 5321 concerning SPF and DKIM
Stuart Gathman <stuart@gathman.org> Mon, 21 July 2014 15:32 UTC
Return-Path: <SRS0=L8Suk=4Q==stuart@gathman.org>
X-Original-To: spfbis@ietfa.amsl.com
Delivered-To: spfbis@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7C2B1A0202 for <spfbis@ietfa.amsl.com>; Mon, 21 Jul 2014 08:32:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.003
X-Spam-Level:
X-Spam-Status: No, score=-2.003 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I02RFZyib6xN for <spfbis@ietfa.amsl.com>; Mon, 21 Jul 2014 08:32:10 -0700 (PDT)
Received: from mail.gathman.org (mail.gathman.org [IPv6:2001:470:5:c85::10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DF4D01A006D for <spfbis@ietf.org>; Mon, 21 Jul 2014 08:32:03 -0700 (PDT)
Authentication-Results: mail.gathman.org; iprev=pass policy.iprev="2001:470:8:809:11::1015" (silver.gathman.org); auth=pass (PLAIN sslbits=128) smtp.auth=stuart
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gathman.org; i=@gathman.org; q=dns/txt; s=default; t=1405956714; h=Message-ID : Date : From : MIME-Version : To : CC : Subject : References : In-Reply-To : Content-Type : Content-Transfer-Encoding : Date : From : Subject; bh=4BXkeXxat4NVnd1ZrIs42G7cRz+ctg2DqgjdbVTUUQw=; b=Cl+Lk9lWada4vGIbFAqaUve90LcjpAJjbgnfvQNTDdFmXHRmmNJ2C1WgQq8ir+mnnQyIj9 /iBrZgPSYuLCFZ0NX8YPQp8EYgIs7zO2iTgBtyqv0QXHAkef3qqxrYbbBbDW/3whuZ6Way2l eGMGaW7aCNCbXH6W6dkWYLsWXCMv8=
Received: from silver.gathman.org (silver.gathman.org [IPv6:2001:470:8:809:11::1015]) (authenticated bits=0) by mail.gathman.org (8.14.4/8.14.4) with ESMTP id s6LFVqm9014576 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Mon, 21 Jul 2014 11:31:54 -0400
Message-ID: <53CD3269.3050604@gathman.org>
Date: Mon, 21 Jul 2014 11:31:28 -0400
From: Stuart Gathman <stuart@gathman.org>
Organization: BWI Corporation
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: spfbis@ietf.org
References: <53CBF045.7060205@dcrocker.net>
In-Reply-To: <53CBF045.7060205@dcrocker.net>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/spfbis/-QqLl5ZP1TniFTDXJetTwfVdvBc
Cc: dhc@dcrocker.net
Subject: Re: [spfbis] Error in RFC 5321 concerning SPF and DKIM
X-BeenThere: spfbis@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SPFbis discussion list <spfbis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spfbis>, <mailto:spfbis-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/spfbis/>
List-Post: <mailto:spfbis@ietf.org>
List-Help: <mailto:spfbis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spfbis>, <mailto:spfbis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Jul 2014 15:38:39 -0000
On 07/20/2014 12:37 PM, Dave Crocker wrote: > Hi folks. > > I submitted an Errata on RFC 5321 that was rejected due to logic that is > proving a bit challenging to understand. > > http://www.rfc-editor.org/errata_search.php?eid=4055 > > So I thought I'd check with the SMTP, SPF and DKIM communities to get > some broader review for the substantive issue, before considering > alternative process paths. > > Simply put: > > RFC 5321 has some text about SPF and DKIM that is > simply wrong. > > Given the continuing community confusion about what > SPF and DKIM do and do not do, I think that having > the SMTP document perpetuate erroneous views is > significantly problematic. > > I've checked the archive of around the time the text was introduced. > Other that a brief exchange about the 'nature' of DKIM, I don't see any > messages on this topic. > > I'd appreciate comments on the factual issues here. I don't want to > discuss the Errata process. Just the technical issues. > > If folks think my characterization of the error is either correct or > incorrect, please say so and explain. If you think it can be documented > better, please offer text! Well, the obvious problem is that DKIM does not address RFC 5321 MAIL FROM at all! (It can address the Return-Path header field.) As far as SPF goes, what do they mean by "valid"? 1) capable of delivering a DSN (MAIL FROM <>) - SPF does not address this at all 2) used in an ethical and constructive manner (see FUSSP) - SPF does not address this either 3) used by MTAs authorized by the domain in the domain part via DNS - this is what SPF actually does Your comment was incorrect about not "validating" the entire address. SPF does, in fact, provide a way to "validate" (authorize) the localpart via macros (a feature protested vigorously by some). Note, while DKIM is a way for the MTA to sign emails and selected header fields, by signing the From header field, this effectively "validates" the From address as being part of a message authorized/signed by an MTA that knows the private key of the public key published in DNS for the domain. This is irrelevant for RFC 5321, however, which is concerned with the SMTP envelope. As to "belongs to the person who actually sent the email", that is the province of end to end crypto (see PGP MIME). No MTA protocol can address that. > (I've BCC'd the SPF and DKIM lists, to make sure that everyone there > sees this. But please post any followups to the SMTP list.) I'm not currently on the SMTP list. As to the acual text, I wouldn't delete it - you DO want to mention other standards attempting to address the problems implied by the word "valid address". While DKIM does not address the SMTP envelope, it is still a good pointer. The main thing is that RFC 5321 does not address the problem, and the existing text makes that clear.
- [spfbis] Error in RFC 5321 concerning SPF and DKIM Dave Crocker
- Re: [spfbis] Error in RFC 5321 concerning SPF and… Stuart Gathman
- Re: [spfbis] Error in RFC 5321 concerning SPF and… Dave Crocker