On 22 Jul 2013, John R. Levine wrote:
> >> "EDSP" would be tier 1 both senderside and receiverside.  That's its
> >> selling point. ...
>
> >> TPA ADSP enhancements are tier 1 receiverside and just-barely-above tier
> >> 3 senderside. ...
>
> Did I miss some I-Ds describing these?

TPA ADSP is Otis' baby, not mine.   He has written drafts on it, although
they are expired now.

EDSP is just a concept at the moment.  That's why I said "'EDSP' would
be" instead of "EDSP is".

Your question about drafts has two possible implications.  The first is
"I'm not going to pay any attention to Michael until he takes up RFC
lawyering." In which case I can't help you.

Another is that you just want a more concrete proposal to attack.  So:

My fantasy of EDSP is to have it as a new modifier to SPF records.  This
would avoid an extra DNS lookup when deploying it at a receiver that
already checks vanilla SPF.   Burying it in ADSP or DMARC wouldn't work
as well, because then two lookups would be needed in the case that MAIL
FROM: and From: differ.

Only the direct SPF record for the domain would need to be checked - EDSP
would ignore SPF redirections and includes.

(Because of the connection to SPF, I've brought up ideas similar to this
on spf-discuss years ago.  Unfortunately they seem to be in a Not Invented
Here mood regarding DKIM.)

It would be a simple boolean -- either a sender domain has it on or off.

If it's on, then a receiver site would be expected to enumerate through
the DKIM signatures looking for one that is both valid and where d=
matches the MAIL FROM: domain.  If none is found, then the recipient is
strongly encouraged to 5xx the transaction attempt.  (Obviously bouncing
isn't a good idea.)
Some people here seem to have a problem with the fact that the MAIL FROM:
is not recapitulated in any header that DKIM can protect against
alteration.  I don't get why this would be a serious problem.  It does
mean you can replay a message with the MAIL FROM: altered, but you are
still restricted to domains that have signed the message and cannot alter
the body.  I don't see the use to the bad guys.

---- Michael Deutschmann <mich...@talamasca.ocis.net>
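
The decision procedure sketched in the message above, as an added example that is not the author's code: the proposal names no modifier, so the `edsp=on` term in the SPF record and the `DkimResult` shape are assumptions; the DKIM results are taken as already verified by something else, and the SPF records are constructed inline rather than fetched from DNS.

```python
"""Toy EDSP evaluation: a boolean modifier on the domain's own SPF record,
then a search of the verified DKIM signatures for one whose d= equals the
MAIL FROM domain.  Hypothetical modifier name; the proposal names none."""
from dataclasses import dataclass

EDSP_MODIFIER = "edsp"   # assumed name, not part of any published spec


@dataclass
class DkimResult:
    domain: str   # the d= tag of the signature
    valid: bool   # whether the signature verified


def edsp_enabled(spf_record: str) -> bool:
    """True if the domain's direct SPF record carries edsp=on.

    Only the record itself is consulted: redirect= and include: terms
    are deliberately ignored, as the proposal says."""
    terms = spf_record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return False
    for term in terms[1:]:
        name, sep, value = term.partition("=")
        if sep and name.lower() == EDSP_MODIFIER:
            return value.lower() in ("on", "1", "yes")
    return False


def edsp_verdict(mail_from: str, spf_record: str, dkim_results) -> str:
    """Return 'none' (EDSP off or null sender), 'pass' (a valid signature
    with d= equal to the MAIL FROM domain exists) or 'reject'.

    A 'reject' is meant to be acted on as a 5xx during the SMTP
    transaction, never as a later bounce."""
    _, _, domain = mail_from.rpartition("@")
    domain = domain.strip("<>").lower()
    if not domain:                      # "<>" null reverse path: nothing to check
        return "none"
    if not edsp_enabled(spf_record):
        return "none"
    for result in dkim_results:
        if result.valid and result.domain.lower() == domain:
            return "pass"
    return "reject"


if __name__ == "__main__":
    # Constructed sample: a domain that turned EDSP on but whose mail only
    # carries a valid signature from a mailing-list domain.
    spf = "v=spf1 mx include:_spf.example.net edsp=on -all"
    sigs = [DkimResult("example.com", False), DkimResult("lists.example.org", True)]
    print(edsp_verdict("<alice@example.com>", spf, sigs))
```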