This is useful, but seems to ignore the discussion that has been surrounding
the fact the signature does not provide assurance about the source
yeah. maybe i should have tried for different language, but folks seem more
comfortable with that term and i wanted to see whether we could get basic
agreement on any sort of summary description.
- rather
it provides assurance that a specified signing party is vouching for the
message. The signing party may be associated with the source, or they may
not be. Accepting the message on the basis of the signature implies
accepting the relationship between the signing agent and the message
originator.
I like your last sentence, although the signer does not have to necessarily be
associated with the originator, since the message can be signed anywhere along
the path.
d/
---
Dave Crocker
Brandenburg InternetWorking
+1.408.246.8253
dcrocker a t ...
WE'VE MOVED to: www.bbiw.net
_______________________________________________
ietf-dkim mailing list
<http://dkim.org>