On Tue, 15 Apr 2008 21:19:40 +0100, Douglas Otis <[EMAIL PROTECTED]> wrote:
> On Apr 15, 2008, at 4:09 AM, Charles Lindsey wrote: >> But how do you know which protocol the message was written for? >> >> If it arrives at your site via SMTP, then you should apply the ADSP >> rules appropriate to SMTP. If it actually started life being >> transported by XXTP, then you just have to assume that the XXTP to >> SMTP gateway had fixed it up (e.g by not letting it through at all >> if it was going to violate someone's policy). Actually, we are looking at the wrong question. Any RFC 2822 message might be signed (or not). But the <addr-spec>s in RFC 2822 contain "domain"s, and I think that there is an inbuilt presumption that these are "domains" as understood throughout the internet, and can therefore be expected to be found in the DNS. TYhat is quite separate from the fact that they might be sent via protocols other than SMTP. For example, a pure UUCP message would have a From header like From: foo!bar!baz in which case it is not an RFC2822 message at all. Likewise a pure X.400 message. > > SMTP only defines "MAIL FROM" as an SMTP suitable email-address. > Email-addresses contained within the RFC2822 headers may adopt > different regimes pertaining to different address resolution or > transport protocols. In addition, DKIM is not limited to an email > address suitable for SMTP. One might assume any email-address signed > by DKIM is suitable with SMTP. However, a transport protocol > transition will likely involve transport conversion gateways. And we have to presume that the conversion gateway did the "right thing" with the From headers. Moreover, the problem is worse than that. Suppose the From header was From: A,B,C,D where A and B might be reachable via SMTP and C and D not so. And it might have To: E,F,G,H where E and F were reachable via SMTP but not G and H. Now, suppose you are the verifier at E (so it arrived via SMTP, and had perhaps been SMTP all along). You want to know whether it should have been signed by C and D. Your move! > For example, assume XXTP uses a different discovery method from that > of SMTP. To clarify a protocol dependence, email-addresses using a > new protocol might include a postfix label of 'xxtp', such as > "[EMAIL PROTECTED] It might. And then again it might not. -- Charles H. Lindsey ---------At Home, doing my own thing------------------------ Tel: +44 161 436 6131 Web: http://www.cs.man.ac.uk/~chl Email:[EMAIL PROTECTED]: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K. PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5 _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html