[EAI] SPF and DKIM

Do we discuss those more?

1. As far as I know, in SPF,
    the SPF TXT record in this domain lists where my email comes from.

    An example in downgrading:
>>ehlo twnic.net.tw
>>mail from: <UTF8 at twnic.net.tw>  ALT-ADDRESS=ASCII at gmail.com  # EAI-aware
>>rcpt to:<UTF8 at other.domain>     # non-EAI-aware

When the downgraded mail is transmitted, if other.domain runs an SPF check,
we can pass the SPF helo check but fail the SPF sender check
(ascii at gmail.com) if gmail.com has SPF records with -all, unless gmail.com
adds SPF for us, but it seems impossible to do that.
Fujiwara's downgrade-03 draft said 'more detailed consideration is required'
in Section 5, but I think that the SPF sender check will break ALT-ADDRESS
without restriction.


2. DKIM
    Header changes (downgraded / dropped) may break the signatures.

A downgraded mail that keeps the original header can follow DKIM, but DKIM
should know how to do verification and reduction.

2.1 Downgrading after DKIM: some header values are changed by the
   downgrading procedure in transit. The DKIM verifier should restore the
   'Downgraded:' header to verify, and all 'Downgraded:' headers are above
   the 'DomainKey-Signature' header.
2.2 Downgrading before DKIM: DKIM signs the downgraded headers. It's
   possible to include 'h=Downgraded:' in 'DomainKey-Signature'. All
   'Downgraded:' headers are under the DomainKey-Signature header, and the
   DKIM verifier should verify all 'Downgraded:' headers if 'Downgraded' is
   in the 'h=' tag.

   And we still need more consideration of the downgrading impact on the
   DomainKey-Signature tags 'd=' (domain), 'i=' (sender), 'z=' (header names
   and header values in quoted-printable) or more.



If we drop header values (such as uFor or others) and the headers are
signed in 'DomainKey-Signature', it will cause the Domain Key verifier to
treat it as a bad signature if they do not appear, especially in trace
fields; that's fine in the trace field rule and the DKIM signer/verifier
issue.


_______________________________________________
IMA mailing list
IMA at ietf.org
https://www1.ietf.org/mailman/listinfo/ima
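
The SPF outcome described in point 1 of the message above, as an added example that is not part of the original post: a reduced SPF evaluator (ip4 and all mechanisms only) run over constructed policies and a constructed relay address. UTF8@twnic.net.tw and ASCII@gmail.com stand in for the message's placeholder addresses, and the gmail.com policy shown is an assumption matching the message's "-all" condition.

```python
import ipaddress

# Constructed SPF policies using documentation address ranges; not real DNS data.
SPF_RECORDS = {
    "twnic.net.tw": "v=spf1 ip4:192.0.2.0/24 -all",
    "gmail.com": "v=spf1 ip4:198.51.100.0/24 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(client_ip, domain, records=SPF_RECORDS):
    """Evaluate a reduced SPF policy: only the ip4 and all mechanisms."""
    record = records.get(domain.lower())
    if record is None or record.split()[0] != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if not term.startswith("ip4:"):
            return "permerror"  # mechanism outside this reduced evaluator
        if ip in ipaddress.ip_network(term[4:], strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"


def spf_for_session(client_ip, helo, mail_from):
    """Check both SPF identities: the HELO name and the MAIL FROM domain."""
    sender_domain = mail_from.rsplit("@", 1)[1]
    return {
        "helo": check_host(client_ip, helo),
        "mailfrom": check_host(client_ip, sender_domain),
    }


if __name__ == "__main__":
    relay_ip = "192.0.2.25"  # constructed address of the twnic.net.tw relay
    # Before downgrading: envelope sender is in the relay's own domain.
    print(spf_for_session(relay_ip, "twnic.net.tw", "UTF8@twnic.net.tw"))
    # After downgrading: ALT-ADDRESS replaces the envelope sender.
    print(spf_for_session(relay_ip, "twnic.net.tw", "ASCII@gmail.com"))
```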




Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.