Is it a sign that the mail is very, very likely to come from who it
claims to come from, so domain-based whitelisting applies? In that case,
the threshold of "sufficiently expensive" to deter attacks is pretty low.
DKIM does not necessarily claim to validate "who it came from". It claims that
the administrator of a particular domain name is willing to "take
responsibility" for the message.
This is not a small difference in meaning.
As I understand it, DKIM isn't really intended to be strong authentication
of message, rather it's intended to be cheap authentication of originating
entity.
cheap authentication, yes. we can quibble about the "originating" reference,
but the "cheap" is what i'm focused on.
Cheap means we should be very, very judicious about burdening the mechanism with
clever, additional mechanisms designed to burden it with strength against
occasional and esoteric attacks.
"Simple and shipped" beats "over-engineered and irrelevant" in this case,
I think.
definitely.
d/
--
Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>
_______________________________________________
NOTE WELL: This list operates according to
http://dkim.org/ietf-list-rules.html