On Feb 9, 2009, at 8:13 AM, Dave CROCKER wrote:
> Folks,
> In anticipation of a working group Last Call for the Errata, would
> anyone else with concerns about the draft please post them so we can
> discuss and resolve them?
> <http://dkim.org/ietf-dkim.htm#errata>
Dave,
The issue appears to be an overzealous use of the word opaque in an
attempt to reiterate that there is an uncertain mapping of entities to
email-addresses. Such as, perhaps multiple entities might be able to
use "jon.doe@example.com". Of course, the issue of entity mapping is
always an internal matter for the domain. Combining this concept
with DKIM definitions is fairly confusing.
Useful errata information might mention:
a) The display name, in conjunction with an email-address, is not
directly validated by the DKIM verification process.
b) Only when the header containing the email-address is signed, can it
be presumed that the display name is in compliance with the domain's
practices.
c) Use of subdomains below the d= value domain requires an unverified
assumption that the d= value domain is authoritative for the subdomain
namespace.
d) When the i= identity is not found within the signed header fields,
although it is in the form of an email-address, it should not be
assumed to represent a valid email-address.
The proposed errata use of the word opaque to describe the d= value,
in addition to the i= value offers _no_ additional clarity. The DKIM
signature validates a domain indicated by the d= value as possessing
the private key used to sign the message. There is little benefit
calling this validated domain "opaque".
After all, authorization to include a Mail From domain for an SMTP
client might be called "domain authentication" with respect to any
purported responsible address. :^(
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
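
Added example, not part of the original message and not code from any DKIM implementation: a Python check of the conditions in points (b) through (d) above, reporting whether From is listed in h=, whether the i= domain is a subdomain of d=, and whether the i= address appears in a signed header field. It assumes the signature has already been verified cryptographically; the sample message, its placeholder signature values, and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample; bh= and b= are placeholders, not real signature data.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;
 i=@news.example.com; h=From:Subject:Date; bh=PLACEHOLDER; b=PLACEHOLDER
From: "Example Bank Support" <jon.doe@example.com>
Sender: list-owner@lists.example.net
Subject: test
Date: Mon, 9 Feb 2009 08:13:00 -0800

body
"""

# Header fields whose values are address lists.
ADDRESS_FIELDS = {"from", "sender", "reply-to", "to", "cc"}

def parse_tags(value):
    """Split a DKIM-Signature value into tag=value pairs, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def describe_signature(raw_message):
    """Report how the i= and d= values relate to the signed header fields."""
    msg = message_from_string(raw_message)
    tags = parse_tags(msg["DKIM-Signature"])
    d = tags["d"].lower()
    i = tags.get("i", "@" + d).lower()      # RFC 4871 default: empty local part at d=
    i_domain = i.rsplit("@", 1)[1]
    signed = {h.strip().lower() for h in tags["h"].split(":")}
    # Addresses found only in fields that are both listed in h= and address-bearing.
    signed_addrs = {addr.lower()
                    for name in signed & ADDRESS_FIELDS
                    for _, addr in getaddresses(msg.get_all(name, []))}
    return {
        "from_signed": "from" in signed,                        # point (b)
        "i_in_subdomain": i_domain.endswith("." + d),           # point (c)
        "i_in_signed_headers": i in signed_addrs,               # point (d)
    }

if __name__ == "__main__":
    print(describe_signature(SAMPLE))
```

For the constructed sample, the i= value sits in a subdomain of d= and matches no address in a signed header field, so a consumer of the result would treat it as an identifier rather than a deliverable address.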