On Nov 14, 2007, at 3:50 PM, Jim Fenton wrote:
Douglas Otis wrote:
Introduction:
,--
| ... However, some domains may choose to sign all of their
| outgoing mail, for example, to protect their brand name. It is
| highly desirable for such domains to be able to advertise that fact
| to verifiers, and that messages claiming to be from them that do not
| have a valid signature are likely to be forgeries. This is the topic
| for sender signing practices.
'--
This statement overlooks messages forwarded by mailing-lists and the
like where a signature might become invalid.
Perhaps change "claiming to be from them" to "claiming to be directly
from them".
DKIM tries to be as path-agnostic as possible, so the word "directly" is
problematic. If it goes through a transparent (non-modifying)
forwarder, is it "directly from them"? Probably not, so this wording
understates DKIM's value.
I take your point.
This case is covered under the wording "likely" in "likely to be
forgeries". Should it say "more likely to be forgeries" instead?
Other factors may affect whether a message is likely to be a forgery.
A trustworthy mailing list re-signing messages (with third-party
signatures) should not be assumed to produce likely forgeries. Just
the opposite would be true. While a third-party signature might be
valid, it would not be valid from the narrow perspective of the
FROM/i= identity. I hope to finish a clean-up of the TPA-SSP draft to
better fit with SSP. This statement tends to preclude these other
possible considerations.
Perhaps "claiming to be from them without a valid signature of a
parent, trusted, or authorized domain are then likely to be
forgeries." This would provide some flexibility for possible future
extensions.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html