Re: [EAI] Re: SPF and DKIM

Thanks for Kari's comments.
These remind us to pay attention to more details in SPF and DKIM.

> In general, if you have
>      ehlo twnic.net.tw
>      mail from: <UTF8 at twnic.net.tw>  ALT-ADDRESS=forwarder at gateway.example
>
>
> if gateway.example is providing forwarding service, it practically
> can not provide SPF records --  not providing SPF records is part
> of service.
Yes, but users/clients don't know whether their provider has an SPF record
for their ALT-ADDRESS.
If there are SPF records in those domains that include '-all', that may cause
their mail to be rejected.
It is hard for mail administrators to explain those issues to their clients.


> > 2. DKIM
> >     Header change (downgraded / drop) may break the signatures,
>
> Also header change (conversion to UTF-8 by IMAP/POP server) may
> break signatures. This also needs to be discussed.
Agreed! We missed this.

>
> Currently the 'downgrade' part of the algorithm does not even preserve
> original header fields (except address header fields) to
> 'Downgraded:' -header fields.
I'm not sure what header information we lose, but 'change' is an issue in
DKIM.

> If the algorithm is modified and original header fields are preserved
> on the Downgraded: -header field, on the Downgrading -undo algorithm there
> is little problem -- it needs to know which header fields it must
> discard -- it must discard the corresponding downgraded header field,
> when restoring data from the Downgraded: -header field -- otherwise
> more header fields with the same name are generated than in the original message.
Yes, agreed!

> B)
>
> DKIM signature verify may occur on an agent which does not know about
> the UTF8SMTP protocol -- therefore it will not know how to upgrade header
> fields.
>
> That also causes the DKIM signature verify to fail.
>
> To prevent that, downgrading needs to move DomainKey- -header fields
> to Downgraded: -header fields and destroy the original header fields.
>
> ... problem there is that the downgrade procedure needs to know every signing
>     protocol ...
>
>
> ( You may want to compare how I process exactly this same problem
>   in my draft-hurtta-eai-encapsulation-00.txt  draft. )
Yes, DKIM does not know how to undo header fields in 'Downgraded',
and our drafts do not mention those details.

Abel


_______________________________________________
IMA mailing list
IMA at ietf.org
https://www1.ietf.org/mailman/listinfo/ima
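
An added example, not part of the original message or of any EAI draft: a Python sketch of why downgrading a signed header field changes the DKIM header hash, and why the undo step has to discard the downgraded field. The `Downgraded` field layout, its position at the top of the header block, the signed-field list and the sample headers are assumptions made for illustration.

```python
import hashlib
import re
from email.header import Header

SIGNED = ["from", "subject"]  # constructed stand-in for a DKIM h= tag

def relaxed(name, value):
    """RFC 6376 section 3.4.2 'relaxed' header canonicalization."""
    value = re.sub(r"\r?\n(?=[ \t])", "", value)   # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip()  # collapse and trim WSP
    return f"{name.lower()}:{value}\r\n"

def header_digest(headers):
    """Simplified header hash: real DKIM also hashes DKIM-Signature and signs it."""
    h = hashlib.sha256()
    for want in SIGNED:
        for name, value in reversed(headers):  # each h= name takes the last instance
            if name.lower() == want:
                h.update(relaxed(name, value).encode("utf-8"))
                break
    return h.hexdigest()

def downgrade(headers):
    """RFC 2047-encode non-ASCII values; prepend originals as 'Downgraded' (assumed)."""
    kept, out = [], []
    for name, value in headers:
        if value.isascii():
            out.append((name, value))
        else:
            kept.append(("Downgraded", f"{name}: {value}"))  # hypothetical layout
            out.append((name, Header(value, "utf-8").encode()))
    return kept + out

def undo(headers, discard=True):
    """Restore originals; with discard=False the downgraded field is left in place."""
    originals = dict(v.split(": ", 1) for n, v in headers if n == "Downgraded")
    out = []
    for name, value in headers:
        if name == "Downgraded":
            if not discard:
                out.append(tuple(value.split(": ", 1)))
        elif name in originals and discard:
            out.append((name, originals[name]))
        else:
            out.append((name, value))
    return out

# Constructed sample message headers.
ORIGINAL = [("From", "sender@example.net"), ("Subject", "測試 message")]
```

With `discard=False` the message ends up with two Subject fields, and a verifier that takes the last instance hashes the downgraded one, so the digest still differs from the signer's.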




Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.