> If the i= tag does not "mean something", and the verifier cannot make use
> of it for any purpose, then what on earth is the point of having it in the
> standard in the first place?

It is there for the signer to relate the message back into their own
framework. It is there so that *when* you get a complaint about a
message, you have more to go on.

Let us suppose that the DKIM signer writes out log messages with a
monotonically increasing number for each message it signs. That
number is a perfectly fine thing to put in i= because it lets the
signer know who did a bad thing. (Or whose message was used as a bad
thing.)

> AFAICS, it does not mean much, but at least it should mean that whatever
> user of domain is present in that tag was known to have played some part
> in bringing that message to the signer.

Who says there has to be a domain in the tag? In the example I gave,
it can be a number.

While it is an identity, we are completely open as to what that
identity has to be. It doesn't have to be an email address, or an
account, or anything. 4871 says that <string>@<domain-from-d=> is the
default, and it makes a certain sense to do that; it is not required.

There are very good reasons for making it opaque. It protects the end
user from harassment, and makes sure that if the user is misbehaving,
the place people complain is to the domain itself.

Jon
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
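
The signer-side use of i= described in the message above, as an added example that is not part of the original post or of any DKIM implementation: the signer logs a sequence number per signed message, carries it as the local-part of i=, and resolves it again when a complaint arrives. The names SigningLog, parse_tags and SAMPLE, the domain example.com and the log fields are assumptions made for illustration.

```python
import itertools
import re

def parse_tags(header):
    """Parse a DKIM-Signature header into a {tag: value} dict."""
    if header.lower().startswith("dkim-signature:"):
        header = header.split(":", 1)[1]
    header = re.sub(r"\r?\n[ \t]+", "", header)  # unfold continuation lines
    tags = {}
    for part in header.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = value.strip()
    return tags

class SigningLog:
    """Signer-side log (hypothetical): sequence number -> who handed us the message."""
    def __init__(self, domain):
        self.domain = domain.lower()
        self._seq = itertools.count(1)
        self._entries = {}

    def record(self, submitter, queue_id):
        """Log one signed message and return the value to put in i=."""
        n = next(self._seq)
        self._entries[n] = {"submitter": submitter, "queue_id": queue_id}
        return f"{n}@{self.domain}"  # opaque to everyone but the signer

    def resolve(self, header):
        """Map the i= of a complained-about signature back to a log entry.
        Only meaningful once the signature has verified as ours; that check
        is outside this example."""
        tags = parse_tags(header)
        d = tags.get("d", "").lower()
        if d != self.domain:
            return None  # signed by someone else
        local, _, idom = tags.get("i", "@" + d).rpartition("@")
        idom = idom.lower()
        if idom != d and not idom.endswith("." + d):
            return None  # i= domain must be d= or a subdomain of it
        if not re.fullmatch(r"[0-9]+", local):
            return None  # default i= (empty local-part) or not our format
        return self._entries.get(int(local))

# Constructed sample: header taken from a complaint; bh= and b= are placeholders.
SAMPLE = ("DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;\r\n"
          "\ti=2@example.com; h=from:to:subject;\r\n"
          "\tbh=PLACEHOLDER; b=PLACEHOLDER")
```

The recipient sees only `2@example.com`; the mapping from 2 to the submitting account exists solely in the signer's log, so complaints have to go to the domain.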