Michael Thomas wrote in <[email protected]>: |Can somebody explain to me why the "back scatter" problem is related to |DKIM of any version?
No. Except that the recommendation to first try the signature related to the first address in From: is a bit misleading if there is not a single signature to match against that very thing, at all. It will be better -- or even graceful -- with DKIMACDC, because you likely try the one with the highest sequence and, dependent on the flag setting, with the (last seen) O flag. I am in an iteration btw, because of course mailing-lists and alias expansion at some destination change the actual set of RFC 5321 aka envelope receivers, and therefore must themselves be able to act as "O"riginators. We therefore need several "O" flags along the way, and the subsignatures must refer to the actual base sequence number that created them, since "no. 1" is not necessarily it. Also we need multiple subsignatures for several different algorithms. Therefore we need the possibility for multiple identical sequence numbers, say "1", for the same domain, and all with the "O" flag set, but with different keys/algorithms. Like that clients can choose. Other than that i think DKIMACDC is pretty much fine out, except iterations and polish; DNS record layout (if not simply CNAME); and of course that possible full-instance-rfc822-forward, which has to go to the "last originator", not that "O" of sequence number 1. (I do not think we can "split" and send to multiple, even if the chain is valid to the "original-originator", to avoid denial of service .. i think.) It is all about SMTP with DKIM, anyway. (Scratch RFC5322.From.) A nice Sunday everyone, if you can (otherwise even more so). --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) | |In Fall and Winter, feel "The Dropbear Bard"s pint(er). | |The banded bear |without a care, |Banged on himself for e'er and e'er | |Farewell, dear collar bear _______________________________________________ Ietf-dkim mailing list -- [email protected] To unsubscribe send an email to [email protected]
