On Jul 8, 2007, at 4:46 PM, Steve Atkins wrote:
On Jul 8, 2007, at 4:37 PM, Douglas Otis wrote:
Steve pointed out to me that a basic challenge, here, is that
DKIM does not define a signature as meaning that the signer is
asserting the truthfulness of any particular bit of information
in the message. That's the inherent difference between the mild
"taking responsibility" semantics that we have given to a DKIM
signature, versus "asserting correctness" or the like.
My suggestion to deal with this is to define the basic DKIM
sematnic that all DKIM-* headers are asserted to be valid, if
they are included in the signature.
This assertion in many cases would need to exclude the From
address, but this header is required to be signed. Use of the
"i=' parameter is likely the only positive means to communicate
such an assurance and is already defined within DKIM base.
"From" does not start with "DKIM-".
The From: field is intimately combined with the DKIM-Signature: field.
Per rfc4871:
---
5.4. Determine the Header Fields to Sign
The From header field MUST be signed (that is, included in the "h="
tag of the resulting DKIM-Signature header field).
___
Are you suggesting the intent is to sign other DKIM-Signatures and
thereby assert they are also valid?
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html