ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] NEW ISSUE: Signature semantics

2007-12-11 20:27:30
The issue is mandatory end-user identification with i=.

To make it more concrete, can we take this as a proposal to
change section 2.8 to remove references to the local-part?

  An "Originator Signature" is any Valid Signature where the domain of
  the signing address (the domain of the "i=" tag if present,
  otherwise its default, the value of the "d=" tag) matches the domain
  of the Originator Address.  The domains are matched using the usual
  rule, a case-insensitive ASCII comparison.

I'm all in favor of this for a variety of reasons.  Existing RFCs have
carefully avoided saying anything about local-parts, and in particular
whether two addresses are the "same".  RFC 2821 notes that unlike
everything else in SMTP, you can't even assume that local-parts are
case insensitive so Jim(_at_)blah(_dot_)com and jim(_at_)blah(_dot_)com may be 
different.
Or they may not.

I sympathize with senders' desire to do DKIM key management, but my
sympathy does not go so far as to require recipients to help them do
it.

R's,
John
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html