On Thu, Oct 14, 2010 at 07:38:13AM -0700, Mark Delany allegedly wrote:
What is essential is that it perform the task of validating and delivering
a
signing domain that is associated with a collection of bits. Anything that
defines how to do this is essential. Anything that can make this break
needs to
be covered, especially if there are ways to protect against the breakage.
But isn't the problem that the signing domain is being incorrectly
associated with a different collection of bits?
And just to elaborate on my own point. We went thru a lot of
hand-wringing over canonicalization and the l= tag and so forth
precisely because we were concerned about associating a signing domain
with the wrong bits.
But now it seems that making the wrong association is not treated with
as much concern.
If it is true that the DKIM effort is about associating an identifier
with a collection of bits, it equally must be true that we want to
make a similar effort to ensure that identifier is not associated with
an unrelated collection of bits.
Mark.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html