On Jan 28, 2009, at 3:53 PM, Dave CROCKER wrote:
John R. Levine wrote:
Gee, how many ways are there to say that i= doesn't identify the user?
The i= field doesn't do that. DKIM doesn't identify individuals, only domains.
John,
Oh boy.
Your statement is not correct.
Sorry, but I agree with John on this.
The spec says that it *does* identify a user.
Your statement is also not correct!
RFC 4871 defines the i= value as representing the identity of the
_user_ or _agent_ on behalf of which this message is signed.
The agent involved could represent an account rather than a user. The
account would be the entity granted access to their outbound SMTP
server that is acting as agent for the users sharing the account.
This account could be expressed as a number which does not have a
corresponding mailbox. An agent could also be a mail-list or any
number of abstract concepts of agent entities. You have overlooked a
very important aspect about how access is controlled, and on behalf of
which entity the signature was added. The signing agent may only
recognize the account, which could be identified by the IP address
assigned to a MAC address. This could also be identified by a number
referenced in their RADIUS server. Only in some cases will there be a
one-to-one correspondence between From email-addresses and
on-behalf-of entities (i= values).
It does not say the identification is an email address.
Agreed.
It does not say that the user is the author.
Agreed.
It does not say that anyone other than the creator of the
identification can parse and comprehend the identifier.
It also does not say that the i= value represents that of a user!
But it does say that it is the user who the signing was done "on
behalf of".
Or Agent!
-Doug
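
An added illustration, not part of this message or the thread: a sketch of how a verifier could derive the i= value under the RFC 4871 rules (it defaults to an empty local-part at the d= domain, and its domain must be d= or a subdomain of it) while treating the local-part as an opaque token. The function names, sample signatures and the account label `acct-48213` are constructed for the example.

```python
import re

def parse_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # Simplification: drop all whitespace (folding) from values.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def signing_identity(tags):
    """Return (local_part, domain) of i=, applying the default and domain rule."""
    d = tags["d"].lower()
    i = tags.get("i", "@" + d)  # default: empty local-part at d=
    if "@" not in i:
        raise ValueError("i= has no '@'")
    local, _, domain = i.rpartition("@")
    domain = domain.lower()
    if domain != d and not domain.endswith("." + d):
        raise ValueError("i= domain is neither d= nor a subdomain of it")
    return local, domain

def assess(header_value, from_addr):
    """Report d=, i= and whether i= happens to equal the From address."""
    tags = parse_tags(header_value)
    local, domain = signing_identity(tags)
    identity = local + "@" + domain
    # same_as_from is informational only: the local-part is an opaque
    # token chosen by the signer and need not name a mailbox or author.
    return {"d": tags["d"].lower(), "i": identity,
            "same_as_from": identity.lower() == from_addr.lower()}

# Constructed sample signatures (b= and bh= tags left out for brevity).
SAMPLES = [
    ("v=1; a=rsa-sha256; d=example.com; s=sel1", "alice@example.com"),
    ("v=1; a=rsa-sha256; d=example.com; s=sel1; i=acct-48213@example.com",
     "alice@example.com"),
    ("v=1; a=rsa-sha256; d=example.com; s=sel1; i=list@lists.example.com",
     "alice@example.com"),
    ("v=1; a=rsa-sha256; d=example.com; s=sel1; i=alice@example.com",
     "alice@example.com"),
]

if __name__ == "__main__":
    for sig, frm in SAMPLES:
        print(assess(sig, frm))
```

Only the last constructed sample has an i= value equal to the From address; the other three are equally valid signatures from the same d= domain.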