On 6/21/2022 9:20 AM, Alessandro Vesely via mailop wrote:
Mail forwarded by gmail, for example, has an X-Google-DKIM-Signature but
is not otherwise DKIM-signed. It is ARC-sealed. (Brandon Long
explained why a couple of years ago[*]).
Hmmm. Sorry I missed his message when it originally came through,
because he is asserting semantics for DKIM that, I believe, go far
beyond what the specification provides. He wrote:
The DKIM-Signature is an "ownership" thing, it's a message originator that
is saying
"associate this message to me".
Intermediaries don't want to take ownership of the message in that sense,
though there
are some mailing lists that do.
whereas the DKIM specification says:
DomainKeys Identified Mail (DKIM) permits a person, role, or
organization to claim some responsibility for a message by
associating a domain name [RFC1034] with the message [RFC5322], which
they are authorized to use.
So he is taking "some" to mean quite a bit more than was intended or, I
believe, than the language implies.(*)
Field-experience often differs considerably from the theory in a
specification. So it's possible that this aspect of DKIM needs
revision, to provide a statement of semantics that adequately correspond
to the real world.
But that should a matter of community discussion and agreement, of course.
d/
(*) It occurs to me that a different view is that, actually, email
handlers don't carry any responsibility for the mail that transits
through them. I'd find that an amusing stance and hope that it is not
the community view.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
