On 10/1/2010 1:27 PM, McCann Peter-A001034 wrote:
The fundamental problem with the current situation is that the
authenticated identity is not displayed and the displayed identity
is not authenticated.
Forgive my pursuing it in this fashion, but I'd class that as a first
derivative, rather than fundamental. (But, then, first derivatives are
important.)
Fundamental is that DKIM is not trying to authenticate the message and it is
not
trying to authenticate any identity such as From:
It is merely trying to affix a /separate/ identifier, with a claim that its
being affixed is valid, but not that it relates to any other aspect of the
message. In other words, it is trying to identify message streams, rather than
"validate" messages or authors.
The fact that DKIM uses underlying crypto algorithms keeps confusing people
into
wanting to use it the way OpenPGP or S/MIME are designed to be used. Ain't
gonna work.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html