ietf-dkim

Re: [ietf-dkim] Author Signature vs. Author Domain Signature / Internal vs External threats

2009-04-02 19:31:09
Dave CROCKER wrote:
I think there are two sources of confusion for this round of ADSP discussion.

The first is that the term "Author Signature" encourages one to think that DKIM
is used to sign with the full author email address, rather than with the
/domain/ of the author's address.  We fixed that error in the name of the
document, but forgot to carry it through to the details of the spec.

DKIM is about domains, not email addresses.  And that's all ADSP should be.
Using i= encourages this confusion.  Using "Author Signature" rather than
"Author Domain Signature" also encourages it.

If the definition changes from i= to d= (and it looks like there will be
consensus to do that), Author Domain Signature is the better name for
that.  The Chairs had tasked us to make only a surgical change to this
section, however, so we should check if that's OK.

ps.  That includes dropping the "ADSP is incompatible" note.

If you mean the note that I included in the alternative text that I
posted, I disagree.  Parent domain signing is a technique described in
RFC 4871.  If it can't be used with ADSP because ADSP compares against
the d= value rather than the domain part of i=, then that limitation
should be pointed out in an informative note so that domains don't get
stung by setting up parent domain signing and then find that ADSP
doesn't do what they expect.

-Jim
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
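
The d= versus i= comparison discussed in this message, shown on a parent-domain-signed message, as an added example that is not part of the original post or of any DKIM/ADSP implementation. The domain names, selector, helper names and the domain-only matching rule are constructed assumptions, and the signatures are assumed to have verified already.

```python
import re

def parse_tags(sig_value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)  # drop folding whitespace
    return tags

def domain_of(address):
    """Domain part of an address or of an i= identity such as '@sales.example.com'."""
    return address.rsplit("@", 1)[1].lower()

def identity_domain(tags):
    """Domain of i=; RFC 4871 defaults i= to '@' + d= when the tag is absent."""
    return domain_of(tags.get("i", "@" + tags["d"]))

def i_within_d(tags):
    """RFC 4871 requires the i= domain to be d= itself or a subdomain of it."""
    d, i = tags["d"].lower(), identity_domain(tags)
    return i == d or i.endswith("." + d)

def matches_by_i(tags, author):
    """Compare the author domain with the domain part of i= (domain-only simplification)."""
    return i_within_d(tags) and identity_domain(tags) == domain_of(author)

def matches_by_d(tags, author):
    """Compare the author domain with the d= value, the change discussed in the thread."""
    return tags["d"].lower() == domain_of(author)

# Constructed sample data (hypothetical domains, placeholder hash and signature values).
AUTHOR = "alice@sales.example.com"
PARENT_SIGNED = ("v=1; a=rsa-sha256; d=example.com; s=sel1; "
                 "i=@sales.example.com; h=from; bh=PLACEHOLDER; b=PLACEHOLDER")
SUBDOMAIN_SIGNED = ("v=1; a=rsa-sha256; d=sales.example.com; s=sel1; "
                    "h=from; bh=PLACEHOLDER; b=PLACEHOLDER")

def compare(sig_value, author=AUTHOR):
    """Return the outcome of both comparisons for one signature."""
    tags = parse_tags(sig_value)
    return {"by_i": matches_by_i(tags, author), "by_d": matches_by_d(tags, author)}

if __name__ == "__main__":
    for label, sig in (("parent-domain", PARENT_SIGNED), ("subdomain", SUBDOMAIN_SIGNED)):
        print(label, compare(sig))
```

The parent-domain signature matches the author's domain only under the i= comparison, which is the case the informative note is meant to flag for domains that deploy parent domain signing.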
