ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] linkage between "originator" and "handling agent"

2005-08-17 11:12:06
On August 17, 2005 at 09:03, Dave Crocker wrote:

In fact the main reason that I question the need to have most/any of SSP --in
 
the *first* round of standardization -- is that there is quite a bit of utili
ty 
in exactly the scenario you describe:  A message arrives with a signature.  
*ANY* signature.  There is quite a bit of useful information derived from 
validating that signature, or having the signature fail validation.  

Huh.  You seemed to be supporting the route I was advocating of
define a basic signature algorithm and then define applications
on top of that.

Anyway, a signature itself has no real value.  Now some value is
implied depending how keys are managed.  Since (I'm guessing) you
are quietly inferring that keys are retrieved from DNS, then some
semantics to the signature are being defined.  It is these semantics
that provide value, key retrieval provides little go on from
a verification perspective.

Without having well-defined semantics and bindings for a signature,
a signature has no value at the application level.

There is *MORE* useful information if the validator can know that the signatu
re 
ID is "authorized" by the rfc2822.From domain administrator, but that 
information is not essential for creating an initial base of utility.

Would you please elaborate more on what you consider to be the
"initial base of utility"?

--ewh
_______________________________________________
ietf-dkim mailing list
http://dkim.org