4.4. Verification
|After a message has been signed, any agent in the message transit
|path can verify the signature to determine that the signing identity
|took responsibility for the message.
This is a grossly inaccurate statement! Verification of a signature
_only_ indicates the domain IS responsible for controlling access to
the private keys enabling application of DKIM signatures. An identity
associated with a signature is unlikely to control private key access,
or even hold a private key.
This MUST change to:
"After a message has been signed, any agent in the message transit
path can verify the signature to determine the signing _domain_
responsible for controlling the signing process. Relationships between
the identity associated with the signature and that of the message
content are strictly a function of the signing domain's trustworthiness.
Trustworthiness cannot be determined by a signature verification
process."
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
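The point Doug makes above, as an added worked example that is not part of the list thread, the draft, or any DKIM implementation: a minimal DKIM-style signer and verifier (ed25519-sha256, the algorithm RFC 8463 later standardised) whose verify function returns the only fact the signature establishes, the d= domain. The message headers, the signing domain mailer.example, the selector, and the fixed key seed are constructed for the example; relaxed header canonicalization is implemented but body canonicalization is omitted, and the verifier is handed the public key directly instead of fetching <s>._domainkey.<d> from DNS. The From: identity (alice@bank.example) verifies just as well under mailer.example's key; whether that counts for anything is a separate trust/alignment decision about the signing domain.

```go
// Added example: DKIM-style signing/verification to show what a verified
// signature asserts (the d= domain) and what it does not (the From: identity).
// Constructed data throughout; not code from any DKIM library.
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// Fixed 32-byte seed so the run is reproducible (assumption); a real
// selector key is generated randomly and published in DNS.
var seed = []byte("dkim-example-seed-32-bytes-long!")

// keyPair derives the example's signing key and its public half.
func keyPair() (ed25519.PrivateKey, ed25519.PublicKey) {
	priv := ed25519.NewKeyFromSeed(seed)
	return priv, priv.Public().(ed25519.PublicKey)
}

// parseTags splits a DKIM-Signature tag list ("k=v; k=v") into a map.
func parseTags(s string) map[string]string {
	tags := map[string]string{}
	for _, f := range strings.Split(s, ";") {
		if k, v, ok := strings.Cut(strings.TrimSpace(f), "="); ok {
			tags[strings.TrimSpace(k)] = strings.TrimSpace(v)
		}
	}
	return tags
}

// relaxed applies relaxed header canonicalization: lowercase field name,
// unfolded value with whitespace runs collapsed to one space and edges trimmed.
func relaxed(name, value string) string {
	return strings.ToLower(name) + ":" + strings.Join(strings.Fields(value), " ") + "\r\n"
}

// dataToSign hashes the headers named in h= (in that order) followed by the
// DKIM-Signature header itself with an empty b= value and no trailing CRLF.
// Assumption: the signer always places b= as the last tag.
func dataToSign(headers map[string]string, sigHeader string) []byte {
	tags := parseTags(sigHeader)
	var b strings.Builder
	for _, h := range strings.Split(tags["h"], ":") {
		b.WriteString(relaxed(h, headers[strings.ToLower(h)]))
	}
	stripped := sigHeader[:strings.Index(sigHeader, "b=")+2]
	b.WriteString(strings.TrimSuffix(relaxed("DKIM-Signature", stripped), "\r\n"))
	sum := sha256.Sum256([]byte(b.String()))
	return sum[:]
}

// sign returns a DKIM-Signature header value binding the listed headers to domain.
func sign(priv ed25519.PrivateKey, headers map[string]string, domain string) string {
	base := fmt.Sprintf("v=1; a=ed25519-sha256; c=relaxed/simple; d=%s; s=sel2024; h=from:subject:to; b=", domain)
	sig := ed25519.Sign(priv, dataToSign(headers, base))
	return base + base64.StdEncoding.EncodeToString(sig)
}

// verify checks the signature and returns the only thing it establishes:
// the d= domain whose key produced it. It says nothing about the From: identity.
func verify(pub ed25519.PublicKey, headers map[string]string, sigHeader string) (string, error) {
	tags := parseTags(sigHeader)
	sig, err := base64.StdEncoding.DecodeString(tags["b"])
	if err != nil {
		return "", err
	}
	if !ed25519.Verify(pub, dataToSign(headers, sigHeader), sig) {
		return "", errors.New("signature does not verify")
	}
	return tags["d"], nil
}

// fromDomain extracts the lowercased domain of the From: header address.
func fromDomain(from string) string {
	addr := from
	if i := strings.LastIndex(from, "<"); i >= 0 {
		addr = strings.TrimSuffix(from[i+1:], ">")
	}
	_, dom, _ := strings.Cut(addr, "@")
	return strings.ToLower(dom)
}

func main() {
	priv, pub := keyPair()
	// Constructed message: a bulk mailer signs, the From: claims a bank.
	headers := map[string]string{
		"from":    "Alice <alice@bank.example>",
		"to":      "bob@example.net",
		"subject": "Your  statement is\r\n ready",
	}
	sigHeader := sign(priv, headers, "mailer.example")
	d, err := verify(pub, headers, sigHeader)
	fmt.Println("verified signing domain:", d, "err:", err)
	fmt.Println("From: domain:", fromDomain(headers["from"]), "aligned with d=:", d == fromDomain(headers["from"]))
	headers["subject"] = "Your statement is ready (edited)"
	_, err = verify(pub, headers, sigHeader)
	fmt.Println("after editing a signed header:", err)
}
```

Running it prints mailer.example as the verified domain while From: is bank.example, and shows that editing a signed header breaks verification. Nothing in the verify path can turn "mailer.example's key signed this" into "alice@bank.example is who she says"; that mapping is whatever trust the receiver chooses to place in mailer.example.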