dkim-ops

Re: [dkim-ops] FYI: protecting subdomains in signature with dkimproxy

2009-02-01 21:33:37
John Levine wrote:
[1] John's Full Name: John Smith
[2] John's Position: Student of Computer Science Dept.
[3] John's email address: smith(_at_)cs(_dot_)dkim(_dot_)edu
[4] Signature's Default Domain: dkim.edu
[5] Signature's Selector: student.cs
[6] Personal Identity of the Signature: smith(_at_)cs(_dot_)dkim(_dot_)edu

This is not a good use of selectors.  The point of selectors is for
key management, not identity management.  Receivers are going to use
either d=dkim.edu or i=smith(_at_)cs(_dot_)dkim(_dot_)edu for their evaluation, and
won't even see the student part.

Ah yes, good point!

If you want to have signatures for students at cs.dkim.edu, use
d=cs.dkim.edu, and arbitrary selectors you can change without having
to change everyone's identity.  If you want to encode the category of
user into the i=, that's easy enough, either by d=student.cs.dkim.edu,
or perhaps i=smith(_at_)student(_dot_)cs(_dot_)edu(_dot_)

In my system, I encode the mailstream into the i= (see the signature on
this message) and it works well.

Then I'll study more about that. Thanks for the advice and reply!

byunghee
_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops
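
Added example, not part of the original thread or of dkimproxy: a small Python sketch of what a verifier derives from a signature, showing that the selector only forms the DNS key lookup name while d= and i= carry the identity. The sample signatures, the selector names key2009a/key2009b and the i= value smith@student.cs.dkim.edu are constructed for illustration.

```python
import re

def parse_tags(sig):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in sig.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)  # drop folding whitespace
    return tags

def receiver_view(sig):
    """What a verifier derives: the key lookup name and the identities it evaluates."""
    t = parse_tags(sig)
    d, s = t["d"].lower(), t["s"]
    i = t.get("i", "@" + d)                  # i= defaults to "@" + d when absent
    i_domain = i.rsplit("@", 1)[1].lower()
    if i_domain != d and not i_domain.endswith("." + d):
        raise ValueError("i= domain must be d= or a subdomain of d=")
    return {
        "key_query": f"{s}._domainkey.{d}",  # the only place the selector appears
        "d_identity": d,
        "i_identity": i,
    }

# Constructed sample signatures (bh=/b= values are placeholders, not real data).
TAIL = "h=from:subject; bh=CONSTRUCTED; b=CONSTRUCTED"
ORIGINAL = f"v=1; a=rsa-sha256; d=dkim.edu; s=student.cs; i=smith@cs.dkim.edu; {TAIL}"
SUGGESTED = f"v=1; a=rsa-sha256; d=cs.dkim.edu; s=key2009a; i=smith@student.cs.dkim.edu; {TAIL}"
ROTATED = SUGGESTED.replace("s=key2009a", "s=key2009b")  # key rollover only

if __name__ == "__main__":
    for label, sig in [("original", ORIGINAL), ("suggested", SUGGESTED), ("rotated", ROTATED)]:
        print(label, receiver_view(sig))
```

With the original scheme the word "student" appears only in the key query name; with the suggested scheme, rotating the selector changes the key query and leaves both identities untouched.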