ietf-dkim

Re: [ietf-dkim] Not exactly not a threat analysis

2005-08-22 08:55:49
Keith Moore wrote:
> Dave Crocker wrote:
>> On Fri, 19 Aug 2005 23:33:11 -0400, Keith Moore wrote:
>>> It shouldn't be an either-or choice. The author should be able to sign the message indicating that he wrote the content (so that a recipient can verify that yes, it really was written by who it says), and the list should be able to sign the message to indicate that the message was forwarded via the list (so that a recipient can verify that yes, the message really did come from the list).
>>
>> This describes two different semantics for a DKIM signature. Where does the current DKIM specification provide for such distinction in the semantics, so that it can be reliably and accurately interpreted by a verifying agent?
>
> I don't think it does.  And I think this is a problem.

If that's true, there'd need to be a third semantic because a
domain-level assertion from the originating domain is not
semantically the same as an "author" signature. But I
really don't think that DKIM provides "author" signatures
and I really don't see why that is an important goal;
SMIME or PGP seem a lot better suited for that. Assuming
by "author" you mean that there's a good amount of guarantee
of a binding between content creator and signature (this is
especially true given that initial/most deployment will be
in MTAs).

                Mike

_______________________________________________
ietf-dkim mailing list
http://dkim.org