ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Proposal for specifying syntax and semantics formultiple signatures

2006-04-02 09:54:20

On Apr 2, 2006, at 8:44 AM, Barry Leiba wrote:

I think it depends on your "Verifier" the guys who have to make the decision
with all the junk coming into the system how it will view it.
...
Are we suppose to turn a blind eye to the quality of the message and just look at who is responsible? If so, then who cares what the message quality
is as long as it comes from a "good person."

We have to be clear about what DKIM is and isn't.

DKIM is something that lets a sender say "my domain sent this message".

Not even that, as I understand it. In some cases the domain that's signing the message will have nothing at all to do with putting it on the wire, and in some cases nothing to do with the details of composing the message. (Back to Daves
distaste for the word "sender").

"Someone who has access to a private key associated with this domain (probably someone authorized by someone associated with the DNS setup for this domain) has signed the content of this message, and the message hasn't changed significantly
since they did that." is a bit closer.

That doesn't make for much of an elevator pitch, though, so perhaps 'A DKIM signature
from paypal.com says "I am paypal.com, and I authorize this message!"'.

Cheers,
  Steve

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>