Issue description: https://rt.psg.com/Ticket/Display.html?id=1519
Various threads.
The clearest message in that thread I can find is this:
Jim Fenton wrote:
To briefly summarize, I understand Doug's issue to be the question
of whether the local-part of an Author Address should be matched
against the i= value, if a local-part is present in i=.
SSP matches the local part if present
draft-levine-asp-00 matches only the domain part
Doug is suggesting a third alternative: to match the Author Address
against the g= field in the key record used to verify the signature.
Doug, please verify that I understand the issue correctly before I
invest a lot of keystrokes in responding.
ssp-04 does include the local part if present, so the draft-levine
variant is off the table. I've not found a clear description of how
to use g= in the thread (that I could follow).
I suggest we close 1519 and (if necessary) Doug can send around
a new proposal specifying his g= based alternative to the paragraphs
of ssp-04 copied below.
If there's no further discussion of this, I'll ask Eliot to
close it on July 11.
S.
The text about i= in ssp-04 is:
An "Author Signature" is any Valid Signature where the identity of
the user or agent on behalf of which the message is signed (listed in
the "i=" tag or its default value from the "d=" tag) matches an
Author Address in the message. When the identity of the user or
agent includes a Local-part, the identities match if the Local-parts
are the same string, and the domains are the same string. Otherwise,
the identities match if the domains are the same string. Following
[RFC2821], Local-part comparisons are case sensitive, domain
comparisons are case insensitive.
For example, if a message has a Valid Signature, with the DKIM-
Signature field containing "i=a@domain.example", then domain.example
is asserting that it takes responsibility for the message. If the
message's From: field contains the address "b@domain.example" and an
ADSP query produces a "dkim=all" or "dkim=discardable" result, that
would mean that the message does not have a valid Author Signature.
Even though the message is signed by the same domain, it fails to
satisfy ADSP.
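
The matching rule in the ssp-04 text quoted above, as an added Python example (not part of the original message or of the draft). The function names are hypothetical, signatures are assumed to have already verified, and only the d= and i= tags are modelled.

```python
"""Author Signature matching as worded in the ssp-04 text quoted above.

Added illustration: every signature passed in is assumed to be a
Valid Signature already; only its d= and i= tags are looked at.
"""


def split_identity(value):
    """Return (local_part, domain) for 'local@domain', '@domain' or 'domain'."""
    local, _, domain = value.rpartition("@")
    return local, domain


def is_author_signature(d_tag, i_tag, author_address):
    """True if the signing identity matches the Author Address."""
    identity = i_tag if i_tag else "@" + d_tag   # i= defaults to "@" + d=
    id_local, id_domain = split_identity(identity)
    au_local, au_domain = split_identity(author_address)
    if id_domain.lower() != au_domain.lower():   # domains: case insensitive
        return False
    if id_local:                                 # i= carries a Local-part
        return id_local == au_local              # Local-parts: case sensitive
    return True                                  # domain-only identity


def satisfies_adsp(adsp_result, valid_signatures, author_address):
    """valid_signatures: list of (d_tag, i_tag) pairs that already verified."""
    if adsp_result not in ("all", "discardable"):
        return True   # assumption: other results impose no signing requirement
    return any(is_author_signature(d, i, author_address)
               for d, i in valid_signatures)


if __name__ == "__main__":
    # Constructed cases; the first is the example from the quoted text.
    cases = [
        ("domain.example", "a@domain.example", "b@domain.example"),
        ("domain.example", "a@domain.example", "a@DOMAIN.example"),
        ("domain.example", "A@domain.example", "a@domain.example"),
        ("domain.example", None, "b@domain.example"),
    ]
    for d, i, author in cases:
        print(d, i, author, "->", is_author_signature(d, i, author))
```

The last case shows the consequence of the "Otherwise" clause: a signature with no i= tag, or with a domain-only i=, matches every Author Address in that domain.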