ietf-dkim

Re: [ietf-dkim] (registered) domain name (Re: errata revision: opaque)

2009-03-27 14:34:06

On Mar 27, 2009, at 8:04 AM, Tony Hansen wrote:

Siegel, Ellen wrote:
Sorry for top-posting, but couldn't we sidestep all of the analysis  
by simply saying that the *syntax* (rather than the *semantics*)  
matches that of domain names?

When all is said and done, it's the combination of the "selector  
+_domainkey + SDID" that must be a valid domain name whose TXT  
records can be accessed using DNS. This is the *only* name out of  
all of these that MUST be in the DNS.


A valid DKIM signature confirms the signing agent is controlled by the  
domain indicated in SDID.  A valid signature also establishes an  
authority to assert UAID values that must reside at or under the  
domain.  (A valid DKIM signature verifies the UAID assertion by the  
SDID.)  When UAID values do not match against email-addresses within  
signed header fields, portions of the UAID namespace below the SDID  
may not represent a valid email destination.  However, the UAID value
always represents an SDID identifier for on whose behalf their  
signature was added.

The SDID value could be seen as analogous to a State issuing a driver's
license.  A valid signature could be analogous to untampered
laser-scribed laminate and seals.  The License Number could be analogous to
that of the UAID, where it might be replaced by a State email-address  
of the driver.  Such replacement can be denoted by its use within  
signed header fields.

-Doug
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
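
The two checks discussed in this message, as an added example that is not part of the original post or of any DKIM implementation: building the "selector + _domainkey + SDID" name that must exist in DNS, and testing that a UAID sits at or under the SDID by syntax alone. The function names and the sample tag values are assumptions made for illustration; d=, s= and i= are the DKIM-Signature tags carrying the SDID, selector and UAID.

```python
import re

# One DNS label in letter-digit-hyphen syntax, 1 to 63 octets.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def is_domain_syntax(name, extra_labels=()):
    """Syntax-only check: no DNS lookup is made, so the name need not exist."""
    if name.endswith("."):
        name = name[:-1]
    if not name or len(name) > 253:
        return False
    return all(lab in extra_labels or _LABEL.fullmatch(lab)
               for lab in name.split("."))

def key_query_name(selector, sdid):
    """The one name that must be in DNS: selector._domainkey.SDID (TXT record)."""
    qname = f"{selector}._domainkey.{sdid}".lower()
    if not is_domain_syntax(qname, extra_labels=("_domainkey",)):
        raise ValueError(f"not a valid DNS name: {qname!r}")
    return qname

def uaid_under_sdid(uaid, sdid):
    """True when the UAID's domain part is the SDID or a subdomain of it."""
    domain = uaid.rpartition("@")[2].lower()
    sdid = sdid.lower()
    # Compare on a label boundary so "badexample.com" is not under "example.com".
    return domain == sdid or domain.endswith("." + sdid)

def check_signature_tags(tags):
    """tags: dict of d=, s= and optional i= values from a DKIM-Signature field."""
    sdid, selector = tags["d"], tags["s"]
    uaid = tags.get("i", "@" + sdid)  # i= defaults to "@" followed by the d= value
    uaid_domain = uaid.rpartition("@")[2]
    return {
        "query_name": key_query_name(selector, sdid),
        "uaid_ok": is_domain_syntax(uaid_domain) and uaid_under_sdid(uaid, sdid),
    }

if __name__ == "__main__":
    # Constructed sample values, not taken from a real message.
    for sample in (
        {"d": "example.com", "s": "mar2009", "i": "user@mail.example.com"},
        {"d": "example.com", "s": "mar2009", "i": "@badexample.com"},
        {"d": "example.com", "s": "mar2009"},
    ):
        print(sample, "->", check_signature_tags(sample))
```

The UAID check never touches DNS, so a UAID subdomain that has no records and receives no mail still passes; only the key query name has to resolve.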
