Stephen Farrell wrote:
I've always wondered why dkim is taking on the task of supporting
"I don't send mail" since the statement makes no reference to
signatures at all.
I suspect this is a good example of the confusion between describing the problem
domain DKIM is pursuing versus the mechanism DKIM defines, to deal with the
problem.
(There has been some tension about whether to describe DKIM merely in terms of
its cryptographic mechanism, or in terms of its larger goal. I think the point
you raise highlights the benefit of starting with the more general statement
that is independent of underlying technology.)
The problem domain is assurance of email authenticity -- that is, of an identity
associated with the message. Signing is a mechanism for providing assurance.
If I say that I do not sent mail, but you get mail purporting to be from me,
then there is a pretty solid basis for believing the mail is not authentic.
Arguably, that's something that should be dealt
with by someone else, who might also think about saying "I only
send mail that's less than 1MB", or, "I only send invoices".
And this highlights the benefit of using a coarse filter on SSP details: If
there is quick, broad agreement that the feature is useful, then add it now. If
the topic becomes complex -- that is, it will take some effort to agree on its
details -- then defer it.
My impression is that there is likely to be quick agreement on a binary flag
that says "The domain name administrator says that this domain name will not
appear in the rfc2822.From field, for any valid mail." Whereas I suspect that a
more complex mechanism that specifies assorted contingencies is much less likely
to gain ready agreement.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html