[UA-discuss] OpenSSL, was Where should IDN translation happen?
John Levine
john.levine at standcore.com
Thu Nov 15 15:56:51 UTC 2018
On Thu, 15 Nov 2018, Michael Casadevall wrote:
> The short version here is that the From: and To: field is specifically
> set by the user, and is used in SMTP specifically as the MAIL FROM and
> RCPT TO commands.

No, you're confusing the message body, which is what S/MIME signs, and the
SMTP envelope, which is outside the scope of S/MIME. In an EAI message
the addresses in the To: and From: headers should use U-labels. A-labels
are allowed but not encouraged.

> - If DANE is being used, the outbound server checks TLSA records after
> STARTTLS

That is completely unrelated, verifying the name of the mail server which
has nothing at all to do with any To: or From: header.

> - IDN translation happens if necessary, standard SMTP processing
> happens here. MX records are downloaded, checks against DKIM/SPF run
> against the A-label of the From field address

Sorry, more confusion. SPF checks against the message envelope, DKIM
checks against the DKIM-Signature header. Neither looks at the addresses
in the To: or From: fields. DMARC tries to match the From: address with
the SPF or DKIM identity but that's even less related to S/MIME.

Regards,
John Levine, john.levine at standcore.com
Standcore LLC
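
The identities discussed in the message above, as an added example that is not part of the original post: it extracts the domain SPF evaluates (envelope MAIL FROM), the domain DKIM evaluates (the d= tag), and the From: domain DMARC aligns against, converting the U-label to an A-label before comparing. The envelope sender, the message and all function names are constructed for illustration; SPF and DKIM are assumed to have passed, and only strict DMARC alignment is checked.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: an SMTP envelope sender and an EAI message whose
# From: header carries a U-label domain. Signature values are placeholders.
ENVELOPE_MAIL_FROM = "bounce@mailer.example"
RAW_MESSAGE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=xn--bcher-kva.example; s=sel1;\r\n"
    " h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\r\n"
    "From: Anna <anna@b\u00fccher.example>\r\n"
    "To: bob@example.net\r\n"
    "Subject: test\r\n"
    "\r\n"
    "body\r\n"
)

def a_label(domain):
    """Normalise a domain to lower-case A-label form so labels compare equal."""
    return domain.encode("idna").decode("ascii").lower()

def domain_of(address):
    """Domain part of an address, as an A-label."""
    return a_label(parseaddr(address)[1].rpartition("@")[2])

def dkim_domain(msg):
    """Return the d= tag of the DKIM-Signature header, or None if unsigned."""
    header = msg.get("DKIM-Signature")
    if header is None:
        return None
    parts = (p.partition("=") for p in header.split(";"))
    tags = {k.strip(): v.strip() for k, _, v in parts if k.strip()}
    return a_label(tags["d"]) if "d" in tags else None

def identities(envelope_from, raw):
    """Which domain each mechanism looks at for this envelope and message."""
    msg = message_from_string(raw)
    return {
        "spf": domain_of(envelope_from),       # envelope, not a header
        "dkim": dkim_domain(msg),              # DKIM-Signature d= tag
        "dmarc_from": domain_of(msg["From"]),  # only DMARC reads From:
    }

def dmarc_aligned(ids):
    """Strict alignment: exact match (relaxed needs the Public Suffix List)."""
    return {m: ids[m] == ids["dmarc_from"] for m in ("spf", "dkim")}

if __name__ == "__main__":
    ids = identities(ENVELOPE_MAIL_FROM, RAW_MESSAGE)
    print(ids, dmarc_aligned(ids))
```
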