On July 29, 2005 at 11:45, Michael Thomas wrote:
This is completely confusing me. The signing entity is what it is, but
the signing entity may want to assert that there is a binding between
the signature id and one or more of the outer addresses such as From
or Sender. This binding mechanism was removed from the -base draft
and was intended to be put into the -ssp draft, but we ran out of time.
Ah. BTW, what was the time constraint?
So it seems to me that there are three cases:
1) the signing identity has no relationship at all to any of the outer
2) the signing identity has a relationship with a non-From outside address
3) the signing identity has a relationship with the From address
"Third party" is probably imprecise since it could mean 1, 2 or both. I
impression that what people are talking about here is (2) though, but I'm
FMPOV, 3rd-party refers to the relationship of the signer to the OA
(Orignating Address), where an authorized 3rd-party is the entity that
is allowed to sign messages on behalf of the OA. This would encompass
(3) in your list.
(1) and (2) could be considered "outside" parties interesting in
signing the messages for reasons not associated with the OA.
What is missing from DKIM is the ability to define what a signature
is bound to. Something that would be beneficial for multi-signature
cases and cases of entities wanted to sign messages as a verification
trail vs any association with the OA.