On 2010-09-29 at 11:06 -0700, Todd Lyons wrote:
> Now this is a dkim question. My macro to set the signing domain uses
> $sender_address_domain, which is the domain portion of the _envelope_
> sender. A previous implementation that I had seen used the domain
> portion of the _header_ sender. Which is correct? Or is the answer
> "it depends" ?
AFAICT it's unspecified and up to you. The identity being asserted is
included in the DKIM signature header. It's worth noting though that
the From: header is *always* signed, and is the only header which must
be signed, so is protected, while the envelope is unsigned. Also,
MUAs tend to display the From: header but not the envelopes.
The only MUA I've dealt with that supports showing DKIM information is
Gmail [note that I'm not claiming it's the only MUA with this support,
only that it's the only one I've used]. In Gmail, the signature
information is shown as the "signed-by" pseudo-header under "more
details".
So, it makes most sense to me to match the signature to the From:
header. Against this, do remember that the From: header is allowed to
contain multiple email addresses, while the envelope contains only one,
so the envelope is easier to work with.
I haven't thought about this deeply, but: what are the circumstances
under which you'd want to sign an email where the envelope sender isn't
the same as one of the addresses in the From: header? For instance, is
it worth having the signing Router have a:
condition = ${if eq{${lc:$sender_address}}\
{${lc:${sg{${addresses:$h_from:}}{:.*}{}}}}\
}
on it, so that cases where the envelope sender doesn't match the first
from address are not signed?
This appears to be an area which the RFC writers have punted upon.
-Phil
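As an added example (not from the thread and not Exim's own code), here is a Python model of the router condition Phil sketches, using `email.utils.getaddresses` in place of `${addresses:$h_from:}` so the behaviour on awkward From: headers can be checked offline; the addresses and domains are constructed, and the "any From: address" variant is an assumed extension for the multi-address case he mentions.

```python
import email.utils
from typing import List, Optional

# Constructed sample inputs (not from the thread).
ENVELOPE_SENDER = "todd@example.org"
FROM_QUOTED = '"Lyons, Todd" <Todd@Example.org>'           # comma inside a quoted display name
FROM_MULTI = "Alice <alice@example.org>, todd@example.org" # RFC 5322 allows several mailboxes


def from_addresses(from_header: str) -> List[str]:
    """Lower-cased addresses in a From: header, in header order.

    getaddresses() honours quoted display names, so the comma in
    "Lyons, Todd" does not split the field the way a naive split on ',' would.
    """
    return [addr.lower() for _, addr in email.utils.getaddresses([from_header]) if addr]


def envelope_matches_first_from(sender_address: str, from_header: str) -> bool:
    """Analogue of the posted Exim condition: envelope sender equals the
    first From: address after lower-casing both; an empty From: never matches."""
    addrs = from_addresses(from_header)
    return bool(addrs) and sender_address.lower() == addrs[0]


def envelope_matches_any_from(sender_address: str, from_header: str) -> bool:
    """Assumed looser variant: envelope sender is one of the From: addresses."""
    return sender_address.lower() in from_addresses(from_header)


def signing_domain(sender_address: str, from_header: str, any_from: bool = False) -> Optional[str]:
    """Domain to sign with when the envelope/From: check passes, else None (do not sign).

    On a match the envelope and From: domains are identical, so either can be used;
    a null envelope sender (bounce, '<>') has no domain and is never signed.
    """
    if "@" not in sender_address:
        return None
    match = envelope_matches_any_from if any_from else envelope_matches_first_from
    if not match(sender_address, from_header):
        return None
    return sender_address.lower().rsplit("@", 1)[1]


if __name__ == "__main__":
    print(signing_domain(ENVELOPE_SENDER, FROM_QUOTED))                  # example.org
    print(signing_domain(ENVELOPE_SENDER, FROM_MULTI))                   # None (not first)
    print(signing_domain(ENVELOPE_SENDER, FROM_MULTI, any_from=True))    # example.org
```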