ietf-dkim

Re: [ietf-dkim] DKIM Threat Assessment v0.02 (very rough draft)

2005-08-09 17:36:16
Eric Allman wrote:
I'm not sure that we aren't in agreement here. But I'm also not sure that we are.

The granularity of the identity is (potentially) per user.

Yes. This is what I believed to be incorrect in Dave's statement.

But the granularity of the signer is per-selector.

Yes, which is under the control of the domain, not the
individual user (unlike PGP/SMIME).

Thus, the identity in i= is really a statement by the domain that "I have good reason to believe that this is the responsible party" --- and "good reason to believe" is left undefined, at least in the DKIM spec.

Yes.

The point is really to be able to establish accountability. Viewed externally, the domain is the responsible party for the message. But internal to that domain, the local-part of the i= is useful. This is almost a one-for-one analogy with email addresses, where the local-part is opaque to all but the recipient domain.

Well, it may be opaque to the mail transport system, but
origination addresses are not taken as opaque by end users.
In this respect, DKIM does seem to want to make them
somewhat less opaque wrt the verification/binding process.

                Mike
_______________________________________________
ietf-dkim mailing list
ietf-dkim(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/ietf-dkim
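
The split discussed in this message (signer per selector, identity in i= potentially per user), as an added example that is not part of the original thread or of any DKIM implementation. It assumes the tag semantics later published in RFC 6376 (i= defaults to "@" plus d=, and its domain must be d= or a subdomain of it); the function names and the sample header are constructed for illustration.

```python
import re

# Constructed sample header (not from the thread); bh= and b= are placeholders.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=aug2005;\r\n"
    "\ti=alice@mail.example.com; h=from:to:subject;\r\n"
    "\tbh=PLACEHOLDER; b=PLACEHOLDER"
)


def parse_tags(header):
    """Split a DKIM-Signature header field into its tag=value pairs."""
    value = header.split(":", 1)[1]
    value = re.sub(r"\r?\n[ \t]+", " ", value)  # unfold continuation lines
    tags = {}
    for item in value.split(";"):
        if "=" in item:
            name, val = item.split("=", 1)
            tags[name.strip()] = val.strip()
    return tags


def signer_and_identity(header):
    """Return what a verifier can bind to: the key location and the claimed identity."""
    tags = parse_tags(header)
    domain = tags["d"].lower()
    selector = tags["s"]
    # Assumption (RFC 6376): a missing i= means "@" + d=, i.e. no per-user claim.
    identity = tags.get("i", "@" + domain)
    local, _, id_domain = identity.rpartition("@")
    id_domain = id_domain.lower()
    # The identity must sit inside the signing domain's own namespace.
    if id_domain != domain and not id_domain.endswith("." + domain):
        raise ValueError("i= domain is not d= or a subdomain of it")
    return {
        # The public key is published per selector, under the domain's control.
        "key_query": f"{selector}._domainkey.{domain}",
        "responsible_domain": domain,
        # The local-part is an assertion by the domain; nothing in DNS verifies it.
        "identity_local_part": local,
        "identity_domain": id_domain,
    }


if __name__ == "__main__":
    print(signer_and_identity(SAMPLE))
```

The key lookup name contains only the selector and the domain, so the cryptographic check never reaches the local-part of i=; that part is vouched for by the domain alone.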
