Dave Crocker wrote:
Folks,
This note is about an old topic that seems to remain unresolved. I'm
posting it to see where the working group is on the matter:
Mechanisms like OpenPGP and S/MIME essentially validate the
authenticity of content. DKIM does not. For example, a DKIM
signature does not contain the semantics that claim that the From
field is correct, never mind that it does not distinguish between
"brands" such as are often implied by the display string in the From
field, versus the email address in it.
I don't know what "correct" means in this context.
Rather, DKIM's task is to allow an organization to say that it has
some responsibility for the message; that is, come to them if there is
a problem.
In looking at the range of features that have been added to SSP, I
keep thinking that this distinction is not clear. It seems to me that
there is a tendency to want to build "the content is valid" mechanisms
into SSP.
I think you've got it essentially backward. SSP doesn't say anything about
signed content per se. It's completely focused on *unsigned* content. Also:
it's hard to evaluate this "tendency" without some specific examples from the
draft.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html