ietf-dkim

Re: [ietf-dkim] Issue 1550 - the name of the document (remains open *briefly*); there's still disagreement on "Author"

2008-03-11 14:01:04

On Mar 11, 2008, at 11:47 AM, MH Michael Hammer (5304) wrote:

As the person who originally threw out the suggestion of ADSP on the
list (only half seriously), I agree with Pete. The author does not sign
and the author does not set the policy. It is the domain that is signing
(by virtue of publishing the DNS records, even if the author happens to
sign at the MUA/MSA) and the domain which is expressing the policy.

Agreed.  Sloppy terminology has led to incompatible compliance
requirements involving restrictions on use of local-part identities.   
The signing domain MUST decide whether the message is compliant with  
their policies BEFORE signing the message.  Verifiers should not  
attempt to second guess whether a domain's signature means the message  
is compliant with their policy or not!

Reliance upon a signing domain's stewardship MUST NOT occur when the  
message is signed using a restricted key (intended for untrustworthy  
individuals or systems) that also includes an identity not found  
within the From header.  Whether or not the domain also publishes  
policy SHOULD NOT affect how these restricted key messages should be  
treated.  Such messages should not benefit from the reputation of the  
domain, but might benefit from the reputation of the identity,  
although such benefits are likely only appreciated by individual  
recipients.

-Doug
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
