On 10/14/09 7:10 AM, Dave CROCKER wrote:
Ian Eiloart wrote:
OK. What ADSP adds is the ability to assign reputation to a specific email
claiming to originate from a specific domain. Except for "unknown".
A DKIM signature says nothing about "origination". A signature is typically by
an organization that handles the message, but it need not be the originator or
even a sender. An independent trust service, such as Goodmail, could sign it,
for example.
It's not really a DKIM issue, but if I get email from
paypal.co.uk, then how do I determine whether that email is from paypal?
Mapping from a domain name to a brand name or company name or the like is indeed
an interesting topic. As you say, it has nothing to do with DKIM.
Agreed. But this does affect ADSP, the DKIM policy layer. It is not
practical to have all agents that might operate on behalf of some domain
to have previously exchanged keys allowing them to position selectors at
or below the Author Domain.
Currently, most DKIM recommendations in these cases depend upon
reputation services as a means for recipients to make acceptance
decisions, which mostly works. However, a reputation service is twice
removed from that of an Author Domain that may wish to assert a DKIM
policy that might be seen as being restrictive.
Even slight restrictions make other agents appear to be in conflict with
the Author Domain policy. Unfortunately, only rarely are Author Domains
not dependent upon a number of other agents that have not previously
shared keys in some manner. Nor would it be practical or safe for an
Author Domain to widely share their keys in some manner.
There is a way to solve this DKIM policy problem without always needing
to rely upon reputation services, or the impractical and unsafe sharing
of keys.
-Doug