DKIM Deployment

[Jesse Thompson <>]

On 1/13/2010 6:27 PM, Jim Fenton wrote:
> Jesse Thompson wrote:
> > Ned is a developer for this product. Here is another quote from Ned's
> > other message in this thread.
> >
> > " attempting to keep DKIM signatures intact across multiple hops is
> > an exercise in futility, so there is no point in purusing this or
> > any of the dozens of other things you'd have to do to even stand a
> > chance of this working.
>
> I don't see why multiple hops are a problem; it isn't as though the bits
> fade or anything! It does, perhaps, increase the likelihood that some
> MTA along the line is going to fiddle with the message, but in practice
> most messages pass between domains on only one hop. That's the part of
> the message transit that you need to worry about, because it's not under
> the control of either the signer or verifier.

Right.  Ned is telling me that I'm applying DKIM too late into the 
processing within our system.  It would work if I applied it at the 
moment of egress.

I had just assumed that it would work across multiple hops, so I assumed 
it would work at any hop within our system.

This changes the applicability of DKIM, and I will have to rethink how 
it can benefit our needs.

Jesse

--
  Jesse Thompson
  Division of Information Technology, University of Wisconsin-Madison
  Email/IM:

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature