Section 2.3 relates to the second alignment requirement I described. It is
expected that the topmost signature's domain always be aligned to the
domain in 5321.From. This does not mean that the signing domain must have
alignment with the domain in 5322.From, except for the first signature
which expects the signing domain to have alignment with both 5321.From and
5322.From. The text "the signing domain" there could be expanded to say
"the signing domain of the topmost signature" or something similar, since
there are expected to be multiple signing domains in many scenarios.

Is this a loss of flexibility? Yes. The proposal will not permit system A
to direct bounces to system B, as a way to mitigate backscatter attacks.

On Wed, Jul 23, 2025 at 3:59 PM Dave Crocker <[email protected]> wrote:

> On 7/23/2025 10:25 AM, Allen Robinson wrote:
>
> Can you point to the specific section that you are referring to, if it's
> not section 2.2?
>
> 2.3. A signed bounce format, sent in reverse along the same path
> <https://www.ietf.org/archive/id/draft-gondwana-dkim2-motivation-03.html#section-2.3>
>
> By having the mail-from address be signed and aligned to the signing
> domain...
>
>
>
> My understanding is that there are two separate alignment requirements.
> From section 2.2:
>
> 1) For signature chains with exactly one signature, the signature's domain
> and the domain in the 5322.From must be aligned.
>
>    By having the initial signature be from the domain aligned to the
>    From or Sender header...
>
> What is strange about this text is that there is nothing in the current
> work that I've seen using the Sender field.
>
> (Historical note: DomainKeys used Sender:, not From:.)
>
> The reality with DMARC and therefore with the current work's attempt to
> approximate/remedy/replace DMARC is that it forces the functional semantics
> of From: to be what Sender: was defined to mean.  This has serious negative
> effects on end-user experience.
>
>
> d/
>
> --
> Dave Crocker
> [email protected]
> bluesky: @dcrocker.bsky.social
> mast: @[email protected]
> +1.408.329.0791
>
> Volunteer, Silicon Valley Chapter
> Northern California Coastal Region
> Information & Planning Coordinator
> American Red [email protected]
>
>
_______________________________________________
Ietf-dkim mailing list -- [email protected]
To unsubscribe send an email to [email protected]
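
The two alignment requirements discussed in this thread, as an added sketch that is not part of either message or of the draft. Assumptions: the function names are hypothetical, the signing domains are given oldest first, and "aligned" is approximated as "identical, or one domain is a subdomain of the other", which stands in for whatever alignment rule the draft finally defines.

```python
# Added illustration; not code from the thread or from the DKIM2 drafts.

def domain_of(address: str) -> str:
    """Return the lower-cased domain part of a mailbox address."""
    return address.rsplit("@", 1)[-1].strip().rstrip(".").lower()

def aligned(a: str, b: str) -> bool:
    """Assumed alignment test: equal, or parent/child domains.
    A real verifier would compare organizational domains instead."""
    a, b = a.lower().rstrip("."), b.lower().rstrip(".")
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def check_alignment(signing_domains, envelope_from, header_from):
    """signing_domains: signature chain, first (original) signer first,
    topmost (most recent) signer last. Returns a list of failed rules."""
    if not signing_domains:
        return ["no-signature"]
    failed = []
    first, topmost = signing_domains[0], signing_domains[-1]
    # Requirement from section 2.3: topmost signer vs. 5321.From.
    if not aligned(topmost, domain_of(envelope_from)):
        failed.append("topmost-vs-5321.From")
    # Requirement from section 2.2: first signer vs. 5322.From.
    if not aligned(first, domain_of(header_from)):
        failed.append("first-vs-5322.From")
    return failed

# Constructed sample messages (all domains are placeholders).
DIRECT = (["example.com"], "bounce@mail.example.com", "alice@example.com")
VIA_LIST = (["example.com", "lists.example.org"],
            "list-bounces@lists.example.org", "alice@example.com")
# System A signs but directs bounces to system B: the lost flexibility.
BOUNCES_ELSEWHERE = (["a.example"], "bounces@b.example", "alice@a.example")

if __name__ == "__main__":
    for name, msg in [("direct", DIRECT), ("via list", VIA_LIST),
                      ("bounces elsewhere", BOUNCES_ELSEWHERE)]:
        print(name, check_alignment(*msg) or "aligned")
```

With a single signature both checks fall on the same signing domain, which is why the first signature has to align with both 5321.From and 5322.From.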