On Feb 13, 2009, at 1:56 PM, Dave CROCKER wrote:
> You left out a key, alternative consideration, for ADSP, that it
> should be changed to use d=, rather than i=. With a clarification
> of the roles of d= and i=, as DKIM signature output, relying on i=
> by ADSP can reasonably be subject to re-evaluation. Was your
> omission intentional?

May I add--

Changing ADSP to use d= rather than i= restores single signature
compatibility with RFC 4871. :^)

Asserting by errata or some related document that valid and token
namespace that overlap within the same message is a violation of RFC
4871, would also establish the relationship intended by ADSP without
also mandating email-address affirmation.

Whether the i= namespace represents a valid address could be deduced
by discovering that the i= value matches with an email-address within
a signed header field. Having an i= relationship with valid email-
addresses conditioned upon the existence of some DNS record makes
processing clumsy, and removes non-repudiation.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
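
The two comparisons discussed in the message above, side by side, as an added example that is not part of the original post or of any DKIM implementation: d= against the author (From) domain, and i= against addresses in header fields covered by h=. The sample message, the function names and the list of address-bearing fields are assumptions, and the signature is assumed to have already verified.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample message; bh= and b= are placeholders, not real values.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;
 i=alice@example.com; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER
From: Alice <alice@example.com>
To: bob@example.net
Subject: constructed sample

body
"""

# Assumption: header fields treated as carrying addresses for this check.
ADDRESS_FIELDS = {"from", "sender", "reply-to", "to", "cc"}

def parse_tags(value):
    """Split a DKIM-Signature value into tag=value pairs, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = "".join(val.split())
    return tags

def norm(addr):
    """Lower-case only the domain; local-parts are compared as written."""
    local, _, domain = addr.rpartition("@")
    return local + "@" + domain.lower()

def compare_identities(raw):
    """Assumes the signature already verified; only compares identifiers."""
    msg = message_from_string(raw)
    tags = parse_tags(msg["DKIM-Signature"])
    d = tags["d"].lower()
    i = norm(tags.get("i", "@" + d))  # RFC 4871 default for i= is "@" + d=
    i_local, _, i_domain = i.rpartition("@")
    signed = {h.lower() for h in tags.get("h", "").split(":")}
    # Addresses found in address-bearing header fields that h= covers.
    covered = {norm(a) for f in signed & ADDRESS_FIELDS
               for _, a in getaddresses(msg.get_all(f, [])) if "@" in a}
    author = getaddresses(msg.get_all("From", []))[0][1]
    return {
        "i_within_d": i_domain == d or i_domain.endswith("." + d),
        "d_matches_author_domain": "from" in signed
                                   and author.rpartition("@")[2].lower() == d,
        "i_matches_signed_address": bool(i_local) and i in covered,
    }
```

With i= omitted or set to a subdomain token such as `list@sub.example.com`, the d= comparison still succeeds while the i= comparison reports no matching signed address.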