Michael Hammer (5304) wrote:
With regard to the other discussion, for the implementations I'm engaged
in, d= works fine for ADSP. I recognize that for other implementations
using i= provides additional value. I therefore would support keeping
the reference string (domain part or RHS of i=) as i=. The fact that the
errata discusses opaqueness for DKIM base does not preclude using RHS of
i= for ADSP implementation.
Along with others, I think discussion of whether ADSP will or won't be useful
is wasteful at best but more likely counter-productive. Oh. And out of scope.
Now, for the question that /is/ within scope:
Given the clarification that we've now done on d= vs. i=, ADSP should use d=
and only d=.
1. The d=/i= clarification made clear that relying on i= is problematic.
2. d= is sufficient for ADSP's stated goal.
3. The current ADSP re-defines i= semantics. While this is theoretically
legal, it is neither necessary nor useful. So the important question is not
about legality, but about need. ADSP's use of i= makes the meaning of DKIM
constructs more complicated and contingent. As a specific example, why should
ADSP use require Levine to alter his signing practices, given that they are
entirely legal with respect to DKIM signing?
Simplicity and sufficiency are usually deemed to be compelling arguments in
technical design. If they don't hold sway here, why?
"We could do it, but it would be wrong."
- /Richard Nixon/
We could use i=, but it would be wrong.
d/
ps. Yes, this means changing the definition of "author signature"
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
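The two reference strings debated in this thread (d= versus the RHS of i=) can be compared side by side. This is an added example, not code from either poster or from any DKIM implementation; the function names, the exact-match comparison and the sample headers are assumptions constructed for illustration.

```python
import re

def parse_tags(header_value):
    """Parse a DKIM-Signature tag=value list into a dict."""
    tags = {}
    for item in header_value.split(";"):
        if "=" not in item:
            continue
        name, value = item.split("=", 1)  # base64 values may contain '='
        # Folding whitespace carries no meaning in d= or i= values.
        tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def domain_of(addr):
    """Right-hand side of an address, normalised for comparison."""
    return addr.rsplit("@", 1)[-1].lower().rstrip(".")

def reference_domain(tags, use_i):
    """Domain compared against the author domain under each proposal."""
    d = tags["d"].lower()
    if not use_i:
        return d
    # RFC 4871: when i= is absent it defaults to "@" followed by d=.
    return domain_of(tags.get("i", "@" + d))

def is_author_domain_signature(sig_value, from_addr, use_i=False):
    """Assumes the signature has already verified cryptographically;
    only the identity-matching step is shown. Exact match is an assumption."""
    tags = parse_tags(sig_value)
    return reference_domain(tags, use_i) == domain_of(from_addr)

# Constructed sample headers (bh= and b= are placeholders, not real values).
SIG_SUBDOMAIN_I = ("v=1; a=rsa-sha256; d=example.com; s=sel1;\r\n"
                   " i=@lists.example.com; h=from:to:subject;\r\n"
                   " bh=PLACEHOLDER=; b=PLACEHOLDER=")
SIG_NO_I = "v=1; a=rsa-sha256; d=example.com; s=sel1; h=from; bh=X=; b=Y="

if __name__ == "__main__":
    author = "alice@example.com"
    for label, sig in (("i= subdomain", SIG_SUBDOMAIN_I), ("no i=", SIG_NO_I)):
        print(label,
              "| d= rule:", is_author_domain_signature(sig, author),
              "| i= rule:", is_author_domain_signature(sig, author, use_i=True))
```

With the first header, a signature that is legal under DKIM counts for the author domain under the d= rule but not under the i= rule, so the signer would have to change i= to be recognised.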