On 5/5/2011 8:12 PM, Murray S. Kucherawy wrote:
From: Michael Thomas [mailto:mike(_at_)mtcc(_dot_)com] Sent: Thursday, May
On 05/04/2011 08:34 PM, Murray S. Kucherawy wrote:
Technical: The AUID is an unvetted value. The local-part and the
subdomain could be garbage. It's inappropriate for a security protocol
to return a possibly false value in the context of saying something was
I don't think this is correct. The signer creates and signs the i= value,
so it's not "garbage",
By "garbage", I mean "not guaranteed to have any useful meaning".
So, I believe, it's essentially meaningless as far as the protocol can
stipulate. Assertions of its semantics thus fall outside of the base DKIM
It's worth noting that Murray said 'could be'.
But Murray's final paragraph has the essential points: within the scope of the
DKIM Signing specification, the receive-side has no way to determine what the
semantics of i= are, as we discussed at great length when formulating the Update
But, then, folks on the list already know that.
NOTE WELL: This list operates according to