Tony, Dave, Phillip and others,
I've finally gone through dkim-overview-10. Basically, it looks good,
but I have some suggestions on how to make it more accessible to
readers who don't already know what DKIM is, plus some minor nits:
- I think introducing clear terminology for the identity/identities (or
identifier/identifiers) "output by DKIM" would make DKIM significantly
easier to understand, and would be useful in this document, too.
Places that probably would get easier to understand with this
terminology include at leastSections 1.1, 2, 2.1, 2.2, 3.1.1, 3.1.4,
4.1, 4.3, 4.5, and 5.
- Section 1.1: should the "By itself, a DKIM signature.." list also
include something like "Does not necessarily authenticate the
message's author"? (that might help understanding DKIM's role)
- Section 1.2, one possible way to contrast DKIM vs. the other
signature standards might be that DKIM adds a new identifier to the
message (SDID/UAID) that is authenticated, while the other standards
have usually focused on authenticating the author/origin of message
(using an identifier already present in the message, like "From:")
- Section 1.2, the text about the history of mail signature standards
looks a bit strange to me. The text about PGP probably should be a
bulleted item, not ordinary paragraph. And "later version was
standardized as OpenPGP" probably referes to PGP, not MOSS?
- Section 2.3, perhaps "...has not been modified" should be clarified
to "...has not been modified after it was signed. However, DKIM cannot
tell whether the message was modified after it was submitted by the
Author but before being signed" or something? (perhaps obvious to a
reader who wants to compare DKIM and SPF/SenderID, but less obvious to
someone whose starting point is S/MIME or OpenPGP)
- Section 3, "end-to-end authentication" might make sense to a reader
whose prior knowledge is about SPF/SenderID, but makes less sense to
someone whose background is S/MIME or OpenPGP (which are usually much
more end-to-end than DKIM). Perhaps this could be rephrased as "DKIM
adds an authentication capability to the existing email transfer
infrastructure that is independent of SMTP connections (i.e. not
hop-by-hop)" or something?
- Section 5: Figure 1 shows that signing practices are not applied if
the DKIM signature is valid. That's not the case for ADSP -- it's
still relevant for valid DKIM signatures that are not Author
Signatures.
- From idnits:
== Unused Reference: 'I-D.kucherawy-sender-auth-header' is defined on line
814, but no explicit reference was found in the text
== Unused Reference: 'RFC2821' is defined on line 840, but no explicit
reference was found in the text
== Unused Reference: 'RFC3164' is defined on line 849, but no explicit
reference was found in the text
== Unused Reference: 'RFC4870' is defined on line 869, but no explicit
reference was found in the text
- I think mentioning 4870 and sender-auth-header somewhere in this
document would be useful.
Could you take the first shot in proposing concrete edits, with
the goal of getting a revised ID submitted before the cut-off date?
(Although the terminology part has a dependency to errata-02)
Best regards,
Pasi
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html