Douglas Otis wrote:
On Aug 24, 2005, at 6:05 PM, Dave Crocker wrote:
On Wed, 24 Aug 2005 17:56:55 -0700, Douglas Otis wrote:
It is not the SSP statement that is the problem, but confusion about
forgery protections.
The concern I was responding to was quite clearly stated and specific
in its
focus.
It had nothing to do with forgery protection, but rather the
scheduling of work
on SSP.
After a lengthy discussion with Scott, it is clear he holds
expectations that DKIM's sole role is protecting the mailbox-domain.
This is expressed within the lead-in phrase "Forgery of headers that
indicate message origin". While the signature of the message may
encompass other headers, there is no assured relationship between the
signing domain and whatever may appear within a header 'assumed' to
indicate a message's origin. The lead-in phrase of the charter is
misleading as it does not speak to those uses where there is no
relationship whatsoever between the mailbox-domains and the signing-
domain. Mailbox-domains and the signing-domains being different is
even likely the typical case.
Please quote the post where I said that was DKIM's sole role.
I certainly said that it (meaning forgery protection) is the application
that's of most interest to me.
Scott Kitterman
_______________________________________________
ietf-dkim mailing list
http://dkim.org