Folks,
Here's thought:
Both the SPF/Sender-ID history and the current DKIM discussion about SSP involve
enforcing a linkage between "originator" ID and "handling agent" ID. It is also
the basis for private lists maintained by some recipient sites. (It also came up
during CSV development, the the specifications did not reach quite that far.)
As a matter of simplifying the situation for some interesting set of messages
that are received, it is clear that folks believe it useful to have a way of
enforcing a linkage between these two types of identities.
The simple form of the test is:
If an originator's site invokes this linkage as a public policy, and
if a message fails to satisfy the linkage,
then the message should be treated as having invalid
origination information.
There are various types of identifiers that relate to the originator and
various others that relate to handling agents. I've tried to avoid listing
specifics in order to focus on what seems to be an underlying requirement.
In fact this requirement seems so basic and pervasive that
I am wondering whether it is necessary or appropriate to
restrict it to a particular authentication technique?
Equally I am wondering whether it is not distracting from the core DKIM
authentication work to emphasize this particular requirement prior to
deployment of a signing/validating mechanism.
In other words, it is starting to look as if the mechanism for enforcing
originator/handling linkages needs separate focus from techniques for
performing authentication.
Thoughts?
d/
---
Dave Crocker
Brandenburg InternetWorking
+1.408.246.8253
dcrocker a t ...
WE'VE MOVED to: www.bbiw.net
_______________________________________________
ietf-dkim mailing list
http://dkim.org