ietf-dkim

Re: [ietf-dkim] Re: Responsibility concerns with Designated Signing Domains

2006-08-27 13:38:31
offlist.

Wietse Venema wrote:
> > After all, what is the purpose of DKIM?
>
> Thanks for asking. The purpose of DKIM is to trace back signed mail
> to signing parties.
>
> For example, suppose that you have confidence in your bank's DKIM
> signature.  Then you can use it to distinguish between mail from
> the bank, and phishing mail that pretends to be.  Note that it does
> not matter what their rfc822.from says.  It's the bank's DKIM
> signature that forms the primary basis for trust.
>
> Another example: suppose that I receive mail from a mailing list.
> I trust the list server's DKIM signature, so I can distinguish
> between mail from the list server and mail that pretends to be.
> Again, note that it does not matter what their rfc822.from says.
> It's the list server's DKIM signature that forms the primary basis
> for trust.
>
> With first-party signatures, things simplify conceptually and
> technically to the point of elegance. This is one reason why I
> express preference for first-party signatures. But even in this
> special case, it is the DKIM signature that forms the primary
> basis for trust. The rfc822.from is secondary.


Nicely stated.

d/

-- 

  Dave Crocker
  Brandenburg InternetWorking
  bbiw.net
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
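
The trust decision described in this thread, as an added example that is not part of the original messages: a receiver-side check that keys on the verified DKIM signing domain (d=) and never consults rfc822.from. It assumes the receiving MTA has already verified signatures and recorded them in an Authentication-Results header under the hypothetical authserv-id `mx.receiver.example`; the trusted-signer list and all sample messages are constructed.

```python
import re
from email import message_from_string

AUTHSERV_ID = "mx.receiver.example"           # assumption: our own verifying MTA
TRUSTED = {"bank.example", "lists.example"}   # assumption: signers we have confidence in

def verified_signers(raw):
    """Return the d= domains whose DKIM signature our own MTA reported as passing."""
    signers = set()
    for value in message_from_string(raw).get_all("Authentication-Results", []):
        # Simplified parse: assumes no ';' inside header comments.
        parts = [p.strip() for p in value.split(";")]
        if (parts[0].split() or [""])[0].lower() != AUTHSERV_ID:
            continue  # result header written by another host is not evidence
        for result in parts[1:]:
            if re.match(r"dkim\s*=\s*pass\b", result, re.I):
                m = re.search(r"\bheader\.d=([^\s;]+)", result, re.I)
                if m:
                    signers.add(m.group(1).lower().rstrip("."))
    return signers

def trusted_source(raw, trusted=TRUSTED):
    """Trusted signing parties for this message; the From: header is not read."""
    return verified_signers(raw) & trusted

def _msg(auth_results, from_hdr):
    # Constructed sample message builder.
    return f"Authentication-Results: {auth_results}\nFrom: {from_hdr}\nSubject: test\n\nbody\n"

BANK_FROM = "Your Bank <service@bank.example>"
# Genuine bank mail: signed by the bank.
BANK = _msg("mx.receiver.example; dkim=pass header.d=bank.example", BANK_FROM)
# Same From:, but the only valid signature belongs to an unrelated signer.
LOOKALIKE = _msg("mx.receiver.example; dkim=pass header.d=bulk-sender.example", BANK_FROM)
# Same From:, signature claims the bank's domain but failed verification.
BROKEN = _msg("mx.receiver.example; dkim=fail header.d=bank.example", BANK_FROM)
# "pass" result that was not written by our MTA.
FOREIGN_AR = _msg("mx.other.example; dkim=pass header.d=bank.example", BANK_FROM)
# List mail: From: is the poster, the signature is the list server's.
LIST = _msg("mx.receiver.example; dkim=pass header.d=lists.example",
            "Some Poster <poster@elsewhere.example>")

if __name__ == "__main__":
    for name in ("BANK", "LOOKALIKE", "BROKEN", "FOREIGN_AR", "LIST"):
        print(f"{name:10} trusted signer(s): {sorted(trusted_source(globals()[name]))}")
```
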
