ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] Who signs what

2010-09-16 13:41:33
from [Steve Atkins] [Permanent Link] 

On Sep 16, 2010, at 11:18 AM, Murray S. Kucherawy wrote:


-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org 
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Steve Atkins
Sent: Thursday, September 16, 2010 11:08 AM
To: DKIM List
Subject: Re: [ietf-dkim] Who signs what

If I were to sign this email with d=pedantic.wordtothewise.com would
that be a third-party signature or a first party signature?


It's from you (A) to me (B) signed by your subdomain (C).

Quoting myself:

For a message (not even specifically email) from A to B via C, A is the 
first party, B is the second party,
C is the third party.

The first several definitions I found via a simple Google search concurred.


I think you're saying that when I register a domain[1] and use
that domain in both the From: address and the DKIM signature
then that's a third-party signature if I use a subdomain in the
DKIM signature.

In the ADSP world the difference between "non-author-domain"
 vs "author-domain" is an important distinction, but you're
using "third-party" vs "first-party" to refer to that.

That's contrary to normal use of the term third-party, as there
is no third party involved in this example - there's me and my
domain, and there's the recipient.

And this isn't a theoretical case. Signing with a subdomain of
the domain in the From address is DKIM best practice in a
large fraction of cases. 

If we describe that as a third-party signature we risk confusing
it with the case of a true third-party signature from a certification
authority or some such. "Third-party that's the author"
vs "Third-party that's not the author".



Let's not waste time on this.


The way to avoid wasting time is to use the terminology
that's in the drafts we already have in place, rather than
making up new terminology that's misleading.

Cheers,
  Steve

[1] using the commonly used definition of domain as "the
thing I spend $20 a year to use that's a word with '.com'
or similar on the end".
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] DKIM+ADSP = FAIL, and it's our fault, Eliot Lear
Next by Date:  Re: [ietf-dkim] Who signs what, Hector Santos
Previous by Thread:  Re: [ietf-dkim] Who signs what, Murray S. Kucherawy
Next by Thread:  Re: [ietf-dkim] Who signs what, Murray S. Kucherawy
Indexes:  [Date] [Thread] [Top] [All Lists]