Wietse Venema wrote:
Mark Delany:
My problem is that if some valuable domain like paypal sends me a
bunch of bits that I or my MUA or my MTA ties to paypal.com then the
end goal of DKIM is, IMO, that those bunch of bits I "see" are the
ones that paypal sent. No more, no less.
But the user does not see a bunch of bits. The user sees the combined
result of software layers that render those bits. DKIM has no
control over that rendering process.
Well, not widely yet, but you do have Gmail and Yahoo Online MUA show
info regarding valid signatures. That is a DKIM controlled input bit.
We are almost ready to begin similar MUA changes as well starting with
our Online MUA. But before we do that, we need to get a 100% clear
indication of the expectations. Right now, it seems to be a low key item.
DKIM can only guarantee that "what you RECEIVED is what I signed".
To get "what you SEE is what I signed" semantics, one could do the
following:
[SNIP] [SNIP]
I see you have a funny bone in you. :)
--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html