Murray S. Kucherawy wrote:
Although 5322.From is not mentioned here, how can DKIM provide any level
of defense against fraudulent use of origin addresses, if d= is the one
and only mandatory output of the verification process?
Why does the output of DKIM need to include something when the
consumer of that output already has that information?
Its not really how data is obtained but what Data is needed for
ADSP
TRUST
as described as part of the RFC5585 design.
One can reasonably state that the true definition for Output is all
INPUT that went into the signature and the result code:
HLIST (All the signed headers, h=)
SDID (d=)
SELECTOR (s=)
AUID (i=, if defined)
HASH (strength)
RCODE (Verifier result code)
Its understood the new 3.9 is burning in what is only value required
and its for a presumingly a required trust assessor since "d=" value
MUST be passed to it.
So why not add a reference to VBR? You have a MUST there to pass to
something, help promote VBR to fulfill the MUST.
All is that is being asked is cross the tees, dot the eyes for RFC5585
with a MAY for ODID. You don't even have to mention ADSP, just say
its an optional part of the total DKIM Service Architecture. Just
like VBR is, just like A-R is.
--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html