ietf-dkim

Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?

2005-08-23 12:24:03
On August 20, 2005 at 17:14, Douglas Otis wrote:

You can't stop forgery without stopping forgery.  Some things that are 
perhaps technically forgery are considered desirable.  Other things 
that aren't forgery might be affected by forgery prevention protocols.

Stopping forgery requires a system analogous to S/MIME or OpenPGP.

Depends on the level of forgery you want to address.

Anti-forgery may be seen as a cause to garner support.  However, in
reality DKIM is ill suited to satisfy such a goal directly.

I think the scope of DKIM is what is being debated also, so to
claim it is "ill suited" for something will depend on what you think
the scope of DKIM is.

DKIM has
the limited scope of _just_ the signing domain.  Forgery or non-forgery
cannot be directly determined by the signing domain.

Correct.  That is why the role of the signer is important.

There is no practical benefit attempting to conditionally select headers
that must share the domain of the signature.  Headers may not be
displayed, or displayed by the pretty name.  The mere option of the
binding and the possible lack of display seriously erodes any presumed
value, but increases susceptibility to fraud, which would be a dubious
cause for garnering support.

Your statements imply value at the MUA level, but many see value at
the MTA level, where MUA awareness may not be required (but can be
beneficial).  I.e., MTAs see everything and do not concern themselves
with the human display factors.

For MUAs that become DKIM-aware, they can make sure to display
whatever appropriate headers need to be displayed to give proper
feedback to the recipient.  Therefore, I am unsure what you are
getting at here.

--ewh
_______________________________________________
ietf-dkim mailing list
http://dkim.org
