On 5/5/11 1:34 PM, Michael Thomas wrote:
On 05/04/2011 08:34 PM, Murray S. Kucherawy wrote:
Technical: The AUID is an unvetted value. The local-part and the subdomain
could be garbage. It's inappropriate for a security protocol to return a
possibly false value in the context of saying something was
cryptographically validated.
I don't think this is correct. The signer creates and signs the i= value,
so it's not "garbage", and it can't be "false" either. I don't even know
what false means in this context. It's just a value which is guaranteed
to be within the to the d= domain's bailiwick.
Agreed.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html