DKIM Chair wrote:
2.7. Author Signature
An "author signature" is a Valid Signature that has the same domain
name in the DKIM signing identity as the domain name in the Author
Address. If the DKIM signing identity has a Local-part, it is be
identical to the Local-part in the Author Address. Following
[RFC5321], Local-part comparisons are case sensitive, but domain
comparisons are case insensitive.
For example, if a message has a Valid Signature, with the
DKIM-Signature field containing "i=a@domain.example", then domain.example
is asserting that it takes responsibility for the message. If the
message's From: field contains the address "b@domain.example", that
would mean that the message does not have a valid Author Signature.
Even though the message is signed by the same domain, it will not
satisfy ADSP that specifies "dkim=all" or "dkim=discardable".
Note: ADSP is incompatible with valid DKIM usage in which a signer
uses "i=" with values that are not the same as addresses in mail
headers. In that case, a possible workaround could be to add a
second DKIM signature with a "d=" value that matches the Author
Address, but no "i=".
The current proposal is to remove i= here, and rework the text so that ADSP
uses d= only.
I guess what I didn't quite get in these discussions is "use d= only"
for what purpose? Are we saying the change would reflect this instead:
For example, if a message has a Valid Signature, with the
DKIM-Signature field containing "d=domain.example", then domain.example
is asserting that it takes responsibility for the message.
What has been confusing to me is getting the (possibly wrong) idea
that the domain lookup is no longer the From: domain, but rather the
d= domain.
I guess what is lost to me is who is really "responsible" for the
message. Is this the right way to understand it?
- The Author Domain is responsible for the content of the message.
- The DKIM d= domain is responsible for signing the message.
For ADSP purposes:
- Authorization is determined by looking up the Author Domain record.
--
Sincerely
Hector Santos
http://www.santronics.com
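
Added example, not part of the original message or of the draft: the Author Signature test from the quoted section 2.7 next to a d=-only variant, run on the b@domain.example case from the text. Function and field names are hypothetical, the signatures are assumed to have already verified as Valid Signatures, and the d=-only rule is one assumed reading of the proposal (d= compared with the Author Address domain).

```python
# Added illustration; function and field names are hypothetical.
# Each signature dict is assumed to be a Valid Signature already (crypto checked).

def split_address(addr):
    """Split at the last '@'; domains are case insensitive, Local-parts are not."""
    local, _, domain = addr.rpartition("@")
    return local, domain.lower()

def signing_identity(sig):
    # RFC 4871: an absent i= defaults to an empty Local-part at the d= domain.
    return sig.get("i") or "@" + sig["d"]

def is_author_signature_draft(from_addr, sig):
    """Section 2.7 as quoted: compare the signing identity with the Author Address."""
    sig_local, sig_domain = split_address(signing_identity(sig))
    from_local, from_domain = split_address(from_addr)
    if sig_domain != from_domain:
        return False
    # A Local-part in i= must match exactly; an empty one matches any author.
    return sig_local == "" or sig_local == from_local

def is_author_signature_d_only(from_addr, sig):
    """Assumed reading of the proposal: ignore i=, compare d= with the From: domain."""
    return sig["d"].lower() == split_address(from_addr)[1]

def has_author_signature(from_addr, sigs, rule):
    """True if any of the message's Valid Signatures qualifies under the rule."""
    return any(rule(from_addr, s) for s in sigs)

# Constructed sample data mirroring the example in the quoted text.
SIG_WITH_I = {"d": "domain.example", "i": "a@domain.example"}
SIG_D_ONLY = {"d": "domain.example"}      # the workaround signature, no i=
SIG_THIRD_PARTY = {"d": "other.example"}  # signer unrelated to the author

if __name__ == "__main__":
    author = "b@domain.example"
    cases = [("i= only", [SIG_WITH_I]),
             ("i= plus second d= signature", [SIG_WITH_I, SIG_D_ONLY]),
             ("third party", [SIG_THIRD_PARTY])]
    for name, sigs in cases:
        print(name,
              has_author_signature(author, sigs, is_author_signature_draft),
              has_author_signature(author, sigs, is_author_signature_d_only))
```

In both rules the comparison is anchored on the From: address; only the signature-side value (i= or d=) differs.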