ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] draft-ietf-dkim-ssp-02.txt (issue 1519?)

2008-02-01 16:03:24
Douglas Otis wrote:
This draft goes to the opposite extreme of the ASP draft and increases the restrictions for "all" compliance as well. This draft indicates _ALL_ messages are to include a signature with an i= parameter matches that of an identity within the From header. This is not the defined use for RFC 4871.

It is true that RFC 4871 does not require or define any binding between the i= parameter and the From header field (or any other header field, for that matter). That is defined by *SP. The question is really the nature of that binding: whether it's the entire address (in cases where i= has a local-part) or whether it's just the domain. That seems to be what's at the heart of issue 1519.


The ASP approach creates fewer corner cases. At least with the ASP draft, any risk of misuse remains within the control of a domain to rectify.

This last statement I don't understand. Can you give an example of "misuse within the control of a domain" that is introduced by matching the local-part?

-Jim

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html