ietf-dkim

Re: [ietf-dkim] Charter bashing...

2005-10-12 22:59:22
Earl Hood wrote:

On October 11, 2005 at 21:50, "Hallam-Baker, Phillip" wrote:

I have a DKIM-SL client that is designed to add an end user signature.

How do you distinguish between an end-user signature and a signature
created by a gateway?  I.e. How does a DKIM verifier know for sure
that a given signature was created by the end-user versus some
other entity?

In general, DKIM isn't an end-user signature; it's a signature from a domain owner (or, more accurately, whoever controls the _domainkey subdomain of a domain). Signatures are usually created by gateways; we don't expect MUAs to be signing things in most cases. So perhaps the question should be, "How do you distinguish between a signature from the original end-user's domain for that end-user?"

DKIM SSP approaches this a little differently. Given the fact that it's almost always the RFC 2822 From: address that gets displayed to the recipient, it asks whether there is a valid signature for that address on a message. If so, it's considered a "first-party" signature and satisfies an Exclusive signing policy (denoted by !), and if the only valid signature(s) are for other addresses, it's a "third-party" signature and might be handled differently.

-Jim

_______________________________________________
ietf-dkim mailing list
http://dkim.org
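
The first-party / third-party distinction described in the reply above, sketched as an added example (not code from the thread or from any DKIM implementation). It assumes cryptographic verification is done elsewhere and that a signature is "for" the From: address when its d= tag equals the From: domain; the function names and the sample message are constructed.

```python
from email import message_from_string
from email.utils import getaddresses

def parse_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def classify(raw_message, verified):
    """Return 'first-party', 'third-party' or 'none'.

    verified[n] says whether the n-th DKIM-Signature header passed
    cryptographic verification (assumed to be done by a real verifier).
    """
    msg = message_from_string(raw_message)
    # Use the parsed addr-spec, not the display name, of each From: mailbox.
    from_domains = {addr.rpartition("@")[2].lower()
                    for _, addr in getaddresses(msg.get_all("From", []))
                    if "@" in addr}
    signers = [parse_tags(value).get("d", "").lower()
               for value, ok in zip(msg.get_all("DKIM-Signature", []), verified)
               if ok]
    signers = [d for d in signers if d]
    if not signers:
        return "none"
    # Assumption: "for that address" means d= equals the From: domain.
    if any(d in from_domains for d in signers):
        return "first-party"
    return "third-party"

def satisfies_exclusive(raw_message, verified):
    """An Exclusive ('!') policy is met only by a first-party signature."""
    return classify(raw_message, verified) == "first-party"

# Constructed sample: a list gateway added its own signature to a message
# from alice@example.com; b=/bh= values are placeholders, not real data.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=lists.example.net; s=gw;\n"
    "\tbh=placeholder; b=placeholder\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=mail;\n"
    "\tbh=placeholder; b=placeholder\n"
    "From: Alice <alice@example.com>\n"
    "Subject: test\n\nbody\n"
)
```

With only the gateway's signature still valid (for example after the list modified the body), the same message drops from first-party to third-party and no longer satisfies the Exclusive policy.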