ietf-dkim

Re: [ietf-dkim] DKIM Threat Assessment v0.02 (very rough draft)

2005-08-11 13:17:39
Am I accurate in my summation?

Yes.  This is my understanding of DKIM.

--
Arvel


----- Original Message ----- From: "Earl Hood" <earl(_at_)earlhood(_dot_)com>
To: <ietf-dkim(_at_)mipassoc(_dot_)org>
Sent: Tuesday, August 09, 2005 4:32 PM
Subject: Re: [ietf-dkim] DKIM Threat Assessment v0.02 (very rough draft)


On August 9, 2005 at 13:13, Dave Crocker wrote:

The intended thought was that having ANY accountable entity -- where the
accountability is meaningful -- improves the likely validity of the other
identity fields.

So, no, I had not intended to make direct validation of From or Sender a
primary goal.

If I understand your goals correctly, you see DKIM mainly defining the
domain owner as the accountable entity for messages sent from that domain
versus the author/sender of the message.  This implies that the domain
owner has some effective "policing" mechanism of the messages that
come from that domain regardless of who the author/sender is.

The author/sender has no direct accountability, or verifiability,
of their messages, with the exception of whatever domain-defined
accountability mechanism may be in place.  I.e.  The author/sender
is only accountable to the owner of the domain it sends messages from.

If any messages from a domain are abusive in nature (e.g. phishing),
it is the responsibility of the respective domain owner to address
the offending authors/senders, assuming that not doing so could get
the domain's reputation tarnished.

Since end user recipients do not need DKIM-aware MUAs, determining
which domains are "abusive" is the responsibility of receiving
domain owners.

Am I accurate in my summation?



_______________________________________________
ietf-dkim mailing list
ietf-dkim(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/ietf-dkim
