Re: [ietf-dkim] DKIM does domain signing, not mailbox signing

2007-11-29 12:43:17
The issue here isn't reputation (although this may come up in that context, too); the issue is whether a given signature is interpreted as an Originator Signature or not by SSP.

Seems to me that any algorithm more complex than comparing the From: domain to the signing domain will die in the Swamp of Unforeseen and Unmanageable Complexity. If you mean something different when you sign list mail than when you sign individual mail, use a different signing domain. As Jon reminded us, the semantic granularity of DKIM is domains, not mailboxes.

   i=  Identity of the user or agent (e.g., a mailing list manager)

Although 4871 doesn't specify any semantics associated with the
local-part of i=, if it had been intended to be an opaque token, it
would have been worded differently.

Now wait a minute. I don't see the word "mailbox" or "address" there, I see the carefully neutral term "identity". The following text says that it has the syntax of a mailbox, not the semantics of a mailbox.

It's a cookie, just like the cookie that the late lamented RFC 1413 IDENT returns. In many cases those cookies may happen to match mailbox names, but in just as many cases they don't, and it's poor design to assume that they do. See the informative discussion two paragraphs later.

Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
"More Wiener schnitzel, please", said Tom, revealingly.
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
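
The domain-only comparison argued for in the message above, sketched as an added example (not part of the original message, and not code from any DKIM or SSP implementation). It assumes the signature has already been verified cryptographically; the function names and the sample header values are constructed for illustration.

```python
import re
from email.utils import parseaddr

def parse_tags(value):
    """Parse a DKIM-Signature tag=value list into a dict."""
    tags = {}
    for item in value.split(";"):
        if "=" in item:
            name, val = item.split("=", 1)
            # Header folding may leave whitespace inside values; drop it.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def signing_identity(tags):
    """Return (local_part, domain) of i=, defaulting to "@" + d=."""
    d = tags["d"].lower()
    local, _, domain = tags.get("i", "@" + d).rpartition("@")
    domain = domain.lower()
    # RFC 4871: the domain of i= must be d= or a subdomain of it.
    if domain != d and not domain.endswith("." + d):
        raise ValueError("i= domain is not within d=")
    return local, domain

def is_originator_signature(from_header, dkim_value):
    """Domain-only test: the From: domain equals the signing domain d=."""
    tags = parse_tags(dkim_value)
    signing_identity(tags)  # validate i=; its local-part is treated as opaque
    from_domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    return from_domain == tags["d"].lower()

# Constructed sample signatures (bh= and b= are placeholders, not real data).
SIG_USER = ("v=1; a=rsa-sha256; d=example.com; s=sel; i=alice@example.com; "
            "h=from:to; bh=PLACEHOLDER; b=PLACEHOLDER")
SIG_COOKIE = ("v=1; a=rsa-sha256; d=example.com; s=sel; "
              "i=x7f3q@mail.example.com; h=from:to; bh=PLACEHOLDER; b=PLACEHOLDER")
SIG_LIST = ("v=1; a=rsa-sha256; d=lists.example.net; s=sel; "
            "i=list-manager@lists.example.net; h=from:to; "
            "bh=PLACEHOLDER; b=PLACEHOLDER")

if __name__ == "__main__":
    for sig in (SIG_USER, SIG_COOKIE, SIG_LIST):
        print(is_originator_signature("Alice <alice@example.com>", sig))
```

The cookie-style i= in `SIG_COOKIE` gives the same result as the mailbox-style one in `SIG_USER`, because only d= is compared against the From: domain.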