ietf-dkim

Re: [ietf-dkim] Responsibility vs. Validity

2007-11-29 14:39:16


> If the i= tag does not "mean something", and the verifier cannot make use
> of it for any purpose, then what on earth is the point of having it in the
> standard in the first place?


It is there for the signer to relate the message back into their own  
framework. It is there so that *when* you get a complaint about a  
message, you have more to go on.

Let us suppose that the DKIM signer writes out log messages with a
monotonically increasing number for each message it signs. That
number is a perfectly fine thing to put in i= because it lets the  
signer know who did a bad thing. (Or whose message was used as a bad  
thing.)

> AFAICS, it does not mean much, but at least it should mean that whatever
> user of domain is present in that tag was known to have played some part
> in bringing that message to the signer.

Who says there has to be a domain in the tag? In the example I gave,  
it can be a number.

While it is an identity, we are completely open as to what that  
identity has to be. It doesn't have to be an email address, or an  
account, or anything. 4871 says that <string>@<domain-from-d=> is the
default, and it makes a certain sense to do that, but it is not required.

There are very good reasons for making it opaque. It protects the end  
user from harassment, and makes sure that if the user is misbehaving,  
the place people complain is to the domain itself.

        Jon


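
Added example (not part of the message above and not code from any DKIM implementation): a signer that puts a log sequence number in i=, as the message describes, and maps the DKIM-Signature header from a complaint back to its own log. The class and function names, the log records and the sample header are constructed for illustration, and it assumes the i= value needs no quoted-printable decoding.

```python
import itertools
import re

# Constructed complaint input: header value with an opaque numeric i= local part.
SAMPLE_HEADER = ("v=1; a=rsa-sha256; d=example.com; s=sel1;\r\n"
                 "\ti=2@example.com; h=from:to:subject;\r\n"
                 "\tbh=PLACEHOLDER; b=PLACEHOLDER")


def parse_tags(value):
    """Parse a DKIM tag=value list, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


class OpaqueIdentitySigner:
    """Signer-side bookkeeping: i= carries a log sequence number, not a user."""

    def __init__(self, domain):
        self.domain = domain.lower()
        self._seq = itertools.count(1)
        self.log = {}  # sequence number -> internal submitter record

    def identity_for(self, submitter):
        """Log the submitter and return the opaque value to place in i=."""
        n = next(self._seq)
        self.log[n] = submitter
        return f"{n}@{self.domain}"

    def resolve_complaint(self, header_value):
        """Map a complained-about DKIM-Signature value back to the log entry."""
        tags = parse_tags(header_value)
        d = tags.get("d", "").lower()
        # RFC 4871 default when i= is absent: empty local part, "@", then d=.
        local, _, idom = tags.get("i", "@" + d).rpartition("@")
        idom = idom.lower()
        # i= must sit in d= or a subdomain of it, and d= must be our domain.
        if d != self.domain or not (idom == d or idom.endswith("." + d)):
            return None
        if not re.fullmatch(r"[0-9]+", local):
            return None  # not one of our sequence numbers
        return self.log.get(int(local))
```

A verifier reading i=2@example.com learns nothing about the account; only the signer's log ties the number to a submitter.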