On Wed, 04 Feb 2009 07:00:25 -0000, Eliot Lear <lear(_at_)cisco(_dot_)com> wrote:

> Here, the consumer of this information, the verifier, is warned against
> making use of i=. However, what we are now saying is that practical
> deployment experience requires a stronger warning; that absent
> additional information from the signer that is not exposed by this
> specification, verifiers SHOULD NOT rely on i= as any sort of identity,
> because the value may not be present or stable.

No, SHOULD NOT is too strong. Normally, that would indeed be the case, but
in specific cases the Assessor (not the Verifier) might have information,
obtained by some out-of-band means, what that particular i= meant, and be
able to act accordingly. Otherwise (and maybe always), assuming the d=
matched satisfactorily, the i= should just be passed on to the end user
who might make some sense out of it (e.g. Aunt Tillie vs Uncle George).
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
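
The handling discussed in this message, as an added example that is not part of the original post or of any DKIM implementation: d= is the identity handed to the Assessor, and i= is passed through for display and used for assessment only when out-of-band knowledge about that signer exists. The function names, the `KNOWN_I_SEMANTICS` set and the sample headers are constructed for illustration, and the signature is assumed to have already verified cryptographically.

```python
import re

# Hypothetical out-of-band knowledge held by the Assessor: signing domains
# whose i= semantics it has learned by some other channel (constructed).
KNOWN_I_SEMANTICS = {"example.com"}

def parse_tags(header_value):
    """Parse a DKIM-Signature tag=value list, dropping folding whitespace."""
    tags = {}
    for part in header_value.split(";"):
        if "=" not in part:
            continue
        name, value = part.split("=", 1)   # b=/bh= values may contain '='
        tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def identities(header_value):
    """Return what an Assessor may rely on from an already-verified signature."""
    tags = parse_tags(header_value)
    d = tags["d"].lower()
    i = tags.get("i", "@" + d)             # RFC 4871 default when i= is absent
    i_domain = i.rsplit("@", 1)[-1].lower()
    # RFC 4871: the domain part of i= must be d= or a subdomain of d=.
    if i_domain != d and not i_domain.endswith("." + d):
        raise ValueError("i= domain is not d= or a subdomain of it")
    return {
        "assess_on": d,                    # stable identity for reputation
        "i_present": "i" in tags,
        "i_for_display": i,                # opaque; shown to the end user
        "i_usable_by_assessor": "i" in tags and d in KNOWN_I_SEMANTICS,
    }

# Constructed sample headers; bh= and b= are placeholders, not real values.
SIG_WITH_I = ("v=1; a=rsa-sha256; d=example.com; s=sel1;\r\n"
              " i=tillie@users.example.com; h=from:to;\r\n"
              " bh=PLACEHOLDER=; b=PLACEHOLDER==")
SIG_NO_I = "v=1; a=rsa-sha256; d=example.net; s=sel1; h=from; bh=X; b=Y"
SIG_BAD_I = "v=1; d=example.com; s=sel1; i=bob@notexample.com; bh=X; b=Y"

if __name__ == "__main__":
    for sig in (SIG_WITH_I, SIG_NO_I):
        print(identities(sig))
```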