ietf-dkim

Re: [ietf-dkim] DKIM Threat Assessment v0.02 (very rough draft)

2005-08-09 16:37:07
Eric Allman wrote:
That is not correct. The local part of the i= is intended to
provide a binding to the local part of outside origination
headers, not just the domain part. Which is why it is,
in fact, a primary goal.


That doesn't change the fact that it is the /domain/ signing a message, not a user. That domain may identify the individual user in such a way that is within the comfort zone of the signing domain administrator, but the keys are still owned and administrated by the domain owner.

That's all true, but that's not what Dave asserted:

> This is precisely what DKIM does.  It is the domain administrator who
> defines
> the DNS records used by DKIM and DKIM's granularity of the validated
                                          ^^^^^^^^^^^
> identity is  a domain name.
                 ^^^^^^^^^^^

There's finer granularity than the domain name. The i= defines
it, not to mention the g=. Which in terms of a problem statement,
etc, is misleading to say that it's a secondary goal; it's been
a primary goal all along for everybody that I can determine except
Dave.

                Mike
_______________________________________________
ietf-dkim mailing list
ietf-dkim(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/ietf-dkim
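
The i= and g= binding discussed in this message, as an added example that is not part of the original post or of any DKIM implementation: it checks only the identity binding (no signature verification) and assumes the i=/d=/g= semantics later published in RFC 4871. The function names, sample header and key records are constructed for illustration.

```python
import re

def parse_tags(value):
    """Parse a DKIM tag=value list ("a=b; c=d") into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def granularity_matches(g, local_part):
    """Match a local part against g=, which may hold one '*' wildcard."""
    if g == "" or g.count("*") > 1:
        return False  # an empty g= matches no address
    pattern = ".*".join(re.escape(p) for p in g.split("*"))
    return re.fullmatch(pattern, local_part, re.DOTALL) is not None

def check_identity(sig_header, key_record):
    """Return (ok, reason) for the i=/d=/g= binding only; no crypto is done."""
    sig, key = parse_tags(sig_header), parse_tags(key_record)
    d = sig.get("d", "").lower()
    if not d:
        return False, "missing d="
    identity = sig.get("i", "@" + d)  # default i= is "@" + d=
    local, at, domain = identity.rpartition("@")
    if not at:
        return False, "i= has no @"
    domain = domain.lower()
    if domain != d and not domain.endswith("." + d):
        return False, "i= domain is not d= or a subdomain of it"
    if not granularity_matches(key.get("g", "*"), local):  # default g= is "*"
        return False, "i= local part does not match g="
    return True, "ok"

# Constructed sample data (not taken from the thread).
SIG = "v=1; a=rsa-sha256; d=example.com; s=sel1; i=mike+lists@example.com"
KEY_PER_USER = "k=rsa; g=mike+*; p=CONSTRUCTED_PLACEHOLDER"
KEY_OTHER_USER = "k=rsa; g=dave; p=CONSTRUCTED_PLACEHOLDER"

if __name__ == "__main__":
    print(check_identity(SIG, KEY_PER_USER))    # key restricted to mike+*
    print(check_identity(SIG, KEY_OTHER_USER))  # key restricted to dave
```

The domain owner still publishes both key records; g= only narrows which local parts a given selector may sign for.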
