ietf-dkim

Re: [ietf-dkim] draft-ietf-dkim-threats-00 Misstatement of the DKIM mechanism

2006-01-24 15:17:06


Douglas Otis wrote:
---[A: Misstatement of the DKIM mechanism.]
,---
| 1.  Introduction
|
| DomainKeys Identified Mail (DKIM) [I-D.allman-dkim-base] defines a
| mechanism by which email messages can be cryptographically signed,
| permitting a signing domain to claim responsibility for the use of a
| given email address.
'---

A verified signature does not indicate that the signing domain is claiming responsibility for some email-address found within the message. It is not a reasonable practice for a general access provider to inject a Sender header just to meet this expectation. This has already caused problems and should be avoided.

This should read:

: DomainKeys Identified Mail (DKIM) [I-D.allman-dkim-base] defines a
: mechanism by which email messages can be cryptographically signed,
: permitting a signing domain to be held accountable for the message.
: When an email-address contained within the message is also within
: the signing domain, and noted within the 'i' parameter, the signing
: domain may also be held accountable for verifying the use of the
: email-address conforms to their policies.

I've a few issues with that suggested text:

- "contained within" is too much - foo@example.com is "contained
within" this message but I guess that's not what you mean.

- I'm pretty sure we don't want to be talking about something
as concrete as the "'i' parameter" at this level since such
details are liable to change at inconvenient moments.

- The "may" in the last clause is also a bit ambiguous - do you
mean "can" or "might"?

(I also don't see how your comment connects the new and
old text but am happy to join the dots myself later:-)

Stephen.







_______________________________________________
ietf-dkim mailing list
http://dkim.org