On October 11, 2005 at 18:34, "Arvel Hathcock" wrote:
We do mention forgery, but I don't think we point out
clearly enough that it's the forgery that this is
addressing, and not other aspects of spam fighting.
Right. Apparently there were some problems with the use of the word
"forgery" the first time around too. Forgery may need to be defined in the
charter so that everyone is clear on our use of the term. One definition
of "forgery" that I think works in this context is "use of a domain name in
an email identity header without the consent of the domain owner".
I'm not sure this actually represents forgery versus denoting
unauthorized used. Unauthorized use does not necessarily mean forgery.
If you want to go with your definition, it is best to drop the term
"forgery" and go with "unauthorized use" instead.
BTW, there are two levels of identities in email: address-level
and domain-level. Your definition implies the latter. If the term
"forgery" is to be used, it may be better to use the term "domain-level
forgery" to be more explicit about the scope.
--ewh
_______________________________________________
ietf-dkim mailing list
http://dkim.org