On 6/17/2013 2:36 PM, Laura Atkins wrote:
> I am in the process of reviewing the technical setup of a client
> installation. This client is using the VERP string (Return Path /
> Envelope From) in the i= of their DKIM signature.
>
> The signature looks like this:
>
> DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=ci;
> d=inbox.example.com;
> i=verpprefix-laura=2dinterdirect=40wordtothewise.com-2979-83348823-24644-bou...@inbox.example.com;
>
> h=content-type:mime-version:subject:list-unsubscribe:reply-to:to:from:date:message-id;
> bh=HbLebYQFYQmYej07DLVID9lCjc8=;
>
> Based on my understanding of DKIM, this isn't necessarily violating
> the DKIM spec, but it does seem to be not the right thing to use for
> the i= value

My understanding of i= semantics is that it has no formal meaning except
to its creator.[1] As long as the syntactic form is followed, it is
acceptable for it to contain anything.[2]

At which point I'd expect the constraints to be privacy and utility,
according to whatever criteria the creator wishes to invoke.

> I'm thinking my client should stop doing this, just because it really
> seems wrong but I have no justification for recommending that other
> than "that can't be right."
>
> I haven't been able to find anything that discusses the intention
> behind the i=. I expect they chose this i= because that's the
> envelope from, but the i= is supposed to be a person, not a mechanical
> address, correct?

Different people had different intentions for i=, over the course of i=
development. Basically, the original spec promoted some confusion on its
role and the role of d=. We followed up with an effort to explicitly
resolve this. The above statement summarizes my understanding of the
result, for i=.

d/

[1] That is, pretty much the i= value is only useful for returning to
the creator. One can imagine utility when a receiver is interacting with
the originator in problem handling, for example.

[2] And, of course, there's the constraint: "The domain part of the
address MUST be the same as, or a subdomain of, the value of the "d="
tag." But I'd consider that a minor point, for the kind of question
being asked here.

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
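
Added example, not part of the original messages: a small Python audit of the two constraints raised in the thread, the d=/i= domain rule from footnote [2] and the privacy question of what a VERP-style i= local-part exposes once its =XX escapes are decoded. The header value and the names parse_tags, decode_dqp and check_identity are constructed for illustration (the signature quoted above is truncated, so it is not reused).

```python
import re

# Constructed DKIM-Signature value modelled on the one quoted in the thread.
# The local-part is a made-up VERP string; bh=/b= are placeholders.
SAMPLE = ("v=1; a=rsa-sha1; c=relaxed/relaxed; s=ci; d=inbox.example.com; "
          "i=verpprefix-user=2dname=40rcpt.example-1234-bounce@inbox.example.com; "
          "h=from:to:subject:date; bh=PLACEHOLDER=; b=PLACEHOLDER")

def parse_tags(value):
    """Split a DKIM-Signature value into a {tag: value} dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")  # split on the first '=' only
            tags[name.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def decode_dqp(text):
    """Decode =XX hex escapes; lower-case hex is accepted, as seen in the thread."""
    return re.sub(r"=([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), text)

def check_identity(sig_value):
    """Report whether i= satisfies the d= domain rule and what its local-part reveals."""
    tags = parse_tags(sig_value)
    d = tags["d"].lower()
    i = tags.get("i", "@" + d)  # RFC 6376 default: empty local-part at d=
    local, _, domain = i.rpartition("@")
    domain = domain.lower()
    # Same domain, or a true subdomain (label boundary, not a bare suffix match).
    domain_ok = domain == d or domain.endswith("." + d)
    decoded = decode_dqp(local)
    return {
        "domain_ok": domain_ok,
        "decoded_local": decoded,
        # An '@' inside the decoded local-part means another address is embedded
        # in the header and readable by anyone who sees the message.
        "leaks_address": "@" in decoded,
    }

if __name__ == "__main__":
    print(check_identity(SAMPLE))
```
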