
[ietf-dkim] dkim-overview-09/ Verification

2008-03-25 10:21:36
4.4. Verification

|After a message has been signed, any agent in the message transit
|path can verify the signature to determine that the signing identity
|took responsibility for the message.

This is a grossly inaccurate statement!  Verification of a signature  
_only_ indicates the domain IS responsible for controlling access to  
the private keys enabling application of DKIM signatures.  An identity  
associated with a signature is unlikely to control private key access,  
or even hold a private key.

This MUST change to:

"After a message has been signed, any agent in the message transit  
path can verify the signature to determine the signing _domain_  
responsible for controlling the signing process.  Relationships with  
the identity associated with the signature and that of message content  
is strictly a function of the signing domain's trustworthiness.   
Trustworthiness can not be determined by a signature verification  
process."

-Doug
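As an added illustration (not part of Doug's message or of the draft text he quotes), the Python below parses a DKIM-Signature tag list and separates what a verifier actually binds its result to (the d= domain, via the key record published under the s= selector) from the i= identity, which the verifier checks only for consistency with d= (RFC 4871 requires it to be d= or a subdomain). The header value is constructed for the example.

```python
import re

# Constructed sample DKIM-Signature value; the bh= and b= values are placeholders,
# since this example covers tag handling, not the cryptographic check.
SAMPLE_HEADER = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel2024; "
    "i=alice@mail.example.com; h=from:to:subject:date; "
    "bh=placeholderbodyhash=; b=placeholdersignature="
)


def parse_dkim_tags(header_value):
    """Split an RFC 4871 tag-list ("t=v; t=v") into a dict, dropping folding whitespace."""
    tags = {}
    for part in header_value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags


def signing_domain(tags):
    """The only party a successful verification vouches for: the d= domain."""
    return tags["d"].lower()


def key_record_name(tags):
    """DNS name the verifier queries for the public key; it lives under d=, not under i=."""
    return f"{tags['s']}._domainkey.{tags['d']}".lower()


def identity_claim(tags):
    """Return (AUID, consistent) where AUID is the signer's i= claim (default '@d=').
    A verifier checks only that its domain is d= or a subdomain; it proves nothing else."""
    auid = tags.get("i", "@" + tags["d"])
    auid_domain = auid.rpartition("@")[2].lower()
    d = signing_domain(tags)
    consistent = auid_domain == d or auid_domain.endswith("." + d)
    return auid, consistent


def verification_summary(header_value):
    """What a verifier can state after checking a signature, split into bound vs. claimed."""
    tags = parse_dkim_tags(header_value)
    auid, consistent = identity_claim(tags)
    return {
        "verified_domain": signing_domain(tags),
        "key_record": key_record_name(tags),
        "claimed_identity": auid,
        "identity_within_signing_domain": consistent,
    }
```

An i= outside d= makes the signature invalid under RFC 4871; the summary flags that case so a caller can treat the signature as failed rather than trusting the identity.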
