On Wed, 14 Nov 2007 23:50:17 -0000, Jim Fenton <fenton(_at_)cisco(_dot_)com>
wrote:
Douglas Otis wrote:
Introduction:
,--
| ... However, some domains may choose to sign all of their
| outgoing mail, for example, to protect their brand name. It is
| highly desirable for such domains to be able to advertise that fact
| to verifiers, and that messages claiming to be from them that do not
| have a valid signature are likely to be forgeries. This is the topic
| for sender signing practices.
'--
This statement overlooks messages forwarded by mailing-lists and the
like where a signature might become invalid.
Perhaps change "claiming to be from them" to "claiming to be directly
from them".
DKIM tries to be as path-agnostic as possible, so the word "directly" is
problematic. If it goes through a transparent (non-modifying)
forwarder, is it "directly from them"? Probably not, so this wording
understates DKIM's value.
My interpretation of "directly" in the above text is that it implies
"if this message arrives without evidence of intermediate
forwarding/mail-list-expansion/whatever, and its signature is bad/absent,
then that is a cause for immediate and grave suspicion. But if there is
evidence of such forwarding, then further investigation of whether such
forwarding might have removed/broken our original signature could be taken into
account".
So if the forwarder has re-signed (or even better certified that the
original signature was good when seen by him) then a site that is prepared
to trust the forwarder might choose to be less suspicious.
If that is the intention of "directly", then it is probably fine to
include it (or maybe something more explicit, since "directly" seems to
have been misunderstood).
OTOH, my interpretation of "strict" means "please be suspicious if the
signature is absent/bad even if there is plausible evidence of mangling by
a forwarder".
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html