Re: [ietf-dkim] DKIM charter

At this stage of the game, with substantial consensus on the current 
wording, I think we should be making only small, surgical changes than 
complete changes in wording.
The ability for the message to be signed by a different domain is 
covered by the wording in the first paragraph, "...that allow a domain 
to take responsibility, using digital signatures, for having taken part 
in the transmission of an email message..."
-Jim

Douglas Otis wrote:

> On Nov 14, 2005, at 2:04 PM, Jim Fenton wrote:
>
> > Barry,
> >
> > > DESCRIPTION OF WORKING GROUP:
> > >
> > > The Internet mail protocols and infrastructure allow mail sent  from 
> > > one
> > > domain to purport to be from another.  While there are sometimes  
> > > legitimate
> > > reasons for doing this, it has become a source of general  
> > > confusion, as well
> > > as a mechanism for fraud and for distribution of spam (when done
> > > illegitimately, it's called "spoofing").
> >
> > The parenthetical seems to be a bit misplaced, and might fit better  
> > to the use of the word "legitimate".  This might read more easily  if 
> > broken into two sentences.
>
> Considering the potential for this statement to be in conflict with  
> existing practices, perhaps much of the otherwise difficult  
> justifications can be avoided by restating the intended goals of the  
> working group.  For example, it should be perfectly legitimate for  
> the From to be signed by a different domain.  Otherwise, the  
> resulting disruptions will likely prevent DKIM deployment.  Even  
> adding just a Sender header has been problematic.  How about:
> ----
> Verifying a domain accountable for a message is a problem for users  
> of Internet mail when deciding whether to accept messages.  DKIM  
> verifies a signing domain name that serves as a basis for trusting  
> the selected content and headers within a message.  The DKIM working  
> group will produce standards-track specifications that permits  
> authentication of a domain name associated with the message using  
> public-key signatures and based upon domain name identifiers.  This  
> specification will also verify that the selected content and headers  
> were not changed subsequent to the signature.
> In special cases, the accountable domain may wish to assure the  
> recipient that all messages having an originating email-address  
> within this domain will be signed by the domain.  This assurance is  
> to abate spoofing that has become common for some types of  
> transactional email.  This assurance will be in conflict with current  
> practices where the purported author is not associated with the  
> signing-domain.  To prevent undue conflict and disruption, the lack  
> of originating email-address assurances must be considered normal and  
> fully acceptable, and partial assurances should never be used.
> ----
>
> -Doug
_______________________________________________
ietf-dkim mailing list
http://dkim.org