On October 14, 2005 at 14:28, Barry Leiba wrote:
> The DKIM working group will produce standards-track specifications
> that allow a domain to take responsibility, using digital signatures,
> for having taken part in the transmission of an email message and to
> publish "policy" information about how it applies those signatures.
> Taken together, these will allow receiving domains to detect (or rule
> out) spoofing in many circumstances.

I think there is a mixture of two things in the above: claiming
responsibility and anti-spoofing. Claiming responsibility can be a
different operation from any anti-spoofing operation. There appears
to be a leap-of-faith in stating, "receiving domains to detect (or rule
out) spoofing in many circumstances." Especially the use of "many".
It may be better to state:

  The DKIM working group will produce standards-track specifications
  that allow a domain to take responsibility, using digital signatures,
  for having taken part in the transmission of an email message and to
  publish "policy" information about how it applies those signatures.
  Taken together, these will assist receiving domains in detecting
  (or ruling out) certain forms of spoofing as it pertains to the
  signing domain.

In sum, we should be careful in mentioning anything about anti-spoofing
unless anti-spoofing is a major goal. If it is, it may help to
mention what forms of spoofing are to be addressed.

The first sentence of the paragraph seems to imply that only hop-based
spoofing will be addressed.

--ewh
_______________________________________________
ietf-dkim mailing list
http://dkim.org