ietf-dkim

Re: [ietf-dkim] Choices about Practice vs. Publication

2007-07-08 20:27:56

On Jul 8, 2007, at 4:46 PM, Steve Atkins wrote:


On Jul 8, 2007, at 4:37 PM, Douglas Otis wrote:


Steve pointed out to me that a basic challenge, here, is that DKIM does not define a signature as meaning that the signer is asserting the truthfulness of any particular bit of information in the message. That's the inherent difference between the mild "taking responsibility" semantics that we have given to a DKIM signature, versus "asserting correctness" or the like.

My suggestion to deal with this is to define the basic DKIM semantic that all DKIM-* headers are asserted to be valid, if they are included in the signature.

This assertion in many cases would need to exclude the From address, but this header is required to be signed. Use of the "i=" parameter is likely the only positive means to communicate such an assurance and is already defined within DKIM base.

"From" does not start with "DKIM-".

The From: field is intimately combined with the DKIM-Signature: field.

Per rfc4871:
---
5.4. Determine the Header Fields to Sign

 The From header field MUST be signed (that is, included in the "h="
 tag of the resulting DKIM-Signature header field).
___

Are you suggesting the intent is to sign other DKIM-Signatures and thereby assert they are also valid?

-Doug
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
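
The following is an added example, not part of the thread or any participant's message: a Python check that reads the "h=" and "i=" tags of a DKIM-Signature header field and reports whether From is signed, which DKIM-* fields are covered, and which identity is named. The sample header, the field name DKIM-Example-Practice and the function names are constructed for illustration; no cryptographic verification is performed.

```python
import re

# Constructed sample header (not from the thread); bh= and b= are placeholders.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;\r\n"
    "\tc=relaxed/simple; i=@lists.example.com;\r\n"
    "\th=From : To : Subject : DKIM-Example-Practice;\r\n"
    "\tbh=PLACEHOLDER=; b=PLACEHOLDER="
)


def parse_tag_list(header):
    """Return the tag=value pairs of a DKIM-Signature header field as a dict."""
    name, _, value = header.partition(":")
    if name.strip().lower() != "dkim-signature":
        raise ValueError("not a DKIM-Signature header field")
    value = re.sub(r"\r?\n[ \t]+", " ", value)  # unfold continuation lines
    tags = {}
    for part in value.split(";"):
        if not part.strip():
            continue  # a trailing ";" leaves an empty element
        tag, sep, val = part.partition("=")
        tag = tag.strip()
        if not sep or not tag or tag in tags:
            raise ValueError("malformed or duplicate tag: %r" % part)
        tags[tag] = val.strip()
    return tags


def signed_header_report(header):
    """Summarise what the signature covers, using only the h=, i= and d= tags."""
    tags = parse_tag_list(header)
    if "h" not in tags or "d" not in tags:
        raise ValueError("h= and d= are required tags")
    # Header field names are case-insensitive; whitespace around ":" is allowed.
    signed = [n.strip().lower() for n in tags["h"].split(":") if n.strip()]
    return {
        # RFC 4871 section 5.4: From MUST be listed in h=.
        "from_signed": "from" in signed,
        # DKIM-* fields a verifier could treat as covered by the signature.
        "dkim_fields_signed": [n for n in signed if n.startswith("dkim-")],
        # When i= is absent it defaults to "@" followed by the d= value.
        "identity": tags.get("i", "@" + tags["d"]),
    }


if __name__ == "__main__":
    print(signed_header_report(SAMPLE))
```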