On October 16, 2005 at 22:32, Jim Fenton wrote:
If there is an OA signature, there's one less degree of freedom and I
have a better assurance that the message actually came from the domain
of the From address. For other signatures, it doesn't really matter
what the role of the signer is: anyone can be a "mailing list" if they
want to.
This goes back to who does signing and when. It appears that the
original intent of DKIM was for signing by originating domains.
It then evolved to any domain that wants to claim responsibility.
The former has a known role while the others do not.
If additional roles will not, or cannot, be specified, I see no value
in signing unless you are the originating domain, where signer role
and semantics are better defined due to binding to originating
header fields.
There is little, to no, incentive for a domain to claim responsibility
for a message that does no originate from its domain if it cannot
specify the role it played in the transmission of the message.
--ewh
_______________________________________________
ietf-dkim mailing list
http://dkim.org