On Oct 22, 2007, at 1:37 PM, Jon Callas wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
So if he said i=subdomain.example.com, then surely the From/Sender
can be expected to be from that subdomain; and if he said
i=someone(_at_)example(_dot_)com, then surely recipients can assume that
'someone' had indeed played some part in sending it.
Absolutely not. DKIM is a protocol in which one administrative domain
speaks primarily to other administrative domain. It's not a domain-to-
user protocol nor a user-to-anything protocol. The i= parameter can
be anything the signing domain wants it to be. It is unlikely to be
an outright lie (for example, I mark all mail coming from alice with
bob), but it may be.
I liken i= to IDENT (RFC1413). The values *may* be meaningful to the
administrative domain, but that's all that can be said about it.
Mark.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html