On Tue, Feb 10, 2009 at 12:23:02PM -0500, Hector Santos wrote:
Jeff Macdonald wrote:
d=good.rep.example.net or
d=bad.rep.example.net
do not assume that those identifiers mean "good" and "bad". Good and
bad could be the names of two different companies. A signer could sign
like this instead:
d=53302.rep.example.net or
d=9999.rep.example.net
and this would enforce to the verifier that no meaning should be placed
on what d= contains.
d= is just an identfier that is used to look up the public key
Jeff,
It a DNS DOMAIN and a DNS DOMAIN is a well defined entity. And this d=
DNS DOMAIN must match the 2822 (DNS) Domain.
yes, in my examples, {good,bad}.rep.example.net are valid DNS domains.
It is well forth, bloody, scared specific 1st PARTY only signing
requirement.
I don't understand what you are saying here. d= can have domains that
are considered by some to be 3rd party too.
It does not lack clarity. It is not obtuse, it is not "hard to
understand or explain," nor is it unintelligible, and it is certainly
not opaque.
I think we all agree that d= is a domain. The spirit of using the word
opaque was to mean "don't read into what that domain may represent".
--
Jeff Macdonald
jmacdonald(_at_)e-dialog(_dot_)com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html