In message <[email protected]>, Bron Gondwana <[email protected]> writes

> Richard got back to me and doesn't like nd=,

it required the sender to do extra work just in case their email was to be forwarded -- so the incentives were all wrong. Additionally, the proposal to use extra MX records to deduce the domain that might do that forwarding was unlikely to work especially widely...

> so in version 4 I used
> his proposal of pp= instead, putting responsibility on the
> receiving system to provide information about the domain it's
> signing on behalf of,

email turns up with [email protected], and the next hop is [email protected]

    rt=fred@wherever d=bigplatform.com pp=vanitydomain.com

and the validity of this checked by resolving _pp.vanitydomain.com and determining if a TXT record names bigplatform.com as a legitimate forwarder of their mail...

this allows BigPlatform to forward email that arrives to vanitydomain.com without having to obtain signing keys from the owner of vanitydomain.com

if fred is a bad person then they can be blamed appropriately

> Anyway, we can discuss the various approaches in Montreal! It's
> good to have both documented.

or on the list of course...

BTW: the pp= mechanism is relatively new so the DKIM2 keys draft probably won't be altered before the deadline -- but

https://datatracker.ietf.org/doc/draft-clayton-dkim2-spec/

is there for your reading enjoyment

whilst I am writing, "+1" for the WG adopting Bron's headers document

-- 
richard @ highwayman . com
"Nothing seems the same
Still you never see the change from day to day
And no-one notices the customs slip away"

_______________________________________________
Ietf-dkim mailing list -- [email protected]
To unsubscribe send an email to [email protected]
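
The pp= check described in the message above, sketched as an added example (not part of the original message and not taken from the draft). It assumes the `_pp` TXT record is a whitespace-separated list of authorized forwarder domains, which the message does not specify, and uses constructed DNS data in place of a real resolver; `check_pp`, `parse_tags`, `sample_lookup` and `SAMPLE_TXT` are hypothetical names.

```python
import re

# Constructed DNS data standing in for a resolver: TXT strings keyed by owner name.
# ASSUMPTION: a _pp record is a whitespace-separated list of forwarder domains.
SAMPLE_TXT = {
    "_pp.vanitydomain.com": ["bigplatform.com"],
    "_pp.shop.example": ["relay.example bigplatform.com"],
}

def sample_lookup(name):
    """Return the TXT strings for name, or an empty list if none exist."""
    return SAMPLE_TXT.get(name, [])

def norm(domain):
    """Compare domains case-insensitively and without a trailing root dot."""
    return domain.strip().rstrip(".").lower()

def parse_tags(field):
    """Parse 'rt=... d=... pp=...' (space or ';' separated) into a dict."""
    tags = {}
    for item in re.split(r"[;\s]+", field.strip()):
        if not item:
            continue
        name, sep, value = item.partition("=")
        if not sep or name in tags:
            # A duplicated tag is ambiguous; reject rather than pick one.
            raise ValueError(f"malformed or duplicate tag: {item!r}")
        tags[name] = value
    return tags

def check_pp(field, lookup_txt=sample_lookup):
    """Return 'pass' only if _pp.<pp domain> names the d= domain exactly."""
    tags = parse_tags(field)
    signer, claimed = norm(tags.get("d", "")), norm(tags.get("pp", ""))
    if not claimed:
        return "no-pp"          # signer makes no on-behalf-of claim
    if not signer:
        return "fail"           # a claim with no signing domain to authorize
    records = lookup_txt("_pp." + claimed)
    named = {norm(d) for rec in records for d in rec.split()}
    # Exact match only: a suffix or substring test would also accept
    # look-alike names such as 'notbigplatform.com'.
    return "pass" if signer in named else "fail"

if __name__ == "__main__":
    print(check_pp("rt=fred@wherever d=bigplatform.com pp=vanitydomain.com"))
```

A missing `_pp` record yields "fail", so a pp= claim that the named domain has not published is never treated as authorized.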
