ietf-dkim

Re: [ietf-dkim] Output summary - Keep your Eye on the Prize!

2011-05-05 22:48:06


On 5/5/2011 8:12 PM, Murray S. Kucherawy wrote:
From: Michael Thomas [mailto:mike(_at_)mtcc(_dot_)com] Sent: Thursday, May 05, 2011 1:35 PM

On 05/04/2011 08:34 PM, Murray S. Kucherawy wrote:
Technical: The AUID is an unvetted value.  The local-part and the
subdomain could be garbage.  It's inappropriate for a security protocol
to return a possibly false value in the context of saying something was
cryptographically validated.

I don't think this is correct. The signer creates and signs the i= value,
so it's not "garbage",
...
By "garbage", I mean "not guaranteed to have any useful meaning".
...
So, I believe, it's essentially meaningless as far as the protocol can
stipulate.  Assertions of its semantics thus fall outside of the base DKIM
spec.


It's worth noting that Murray said 'could be'.

But Murray's final paragraph has the essential points: within the scope of the
DKIM Signing specification, the receive-side has no way to determine what the
semantics of i= are, as we discussed at great length when formulating the Update
RFC.

But, then, folks on the list already know that.

d/
-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
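
An added illustration of the point discussed in the message above, not part of the original post or of any DKIM implementation: a verifier can check that i= is structurally inside d=, but it still reports only d= as the validated identifier and passes i= along as opaque text. The function names, the `crypto_ok` input (assumed to come from a real signature verification, not shown) and the sample header values are constructed for this sketch.

```python
def parse_tag_list(value):
    """Split a DKIM-Signature header value into a {tag: value} dict."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = val.strip()
    return tags


def identifiers(header_value):
    """Return (sdid, auid, auid_in_scope) for one DKIM-Signature value."""
    tags = parse_tag_list(header_value)
    sdid = tags["d"].lower()
    # With no i= tag, the AUID defaults to an empty local-part at the d= domain.
    auid = tags.get("i", "@" + sdid)
    domain = auid.rpartition("@")[2].lower()
    # Structural rule only: the i= domain is d= itself or a subdomain of it.
    in_scope = domain == sdid or domain.endswith("." + sdid)
    return sdid, auid, in_scope


def verifier_output(header_value, crypto_ok):
    """Build what a verifier hands to the assessment step.

    crypto_ok is assumed to come from a real DKIM verification (not shown).
    """
    sdid, auid, in_scope = identifiers(header_value)
    if not (crypto_ok and in_scope):
        return {"result": "fail", "validated_identifier": None}
    # The SDID is the validated identifier. The AUID rides along as opaque
    # signer-supplied text: nothing checked that its local-part or subdomain
    # exists or means anything.
    return {"result": "pass", "validated_identifier": sdid, "auid_opaque": auid}


# Constructed sample header values (b= shortened, not real signatures).
SAMPLE_ARBITRARY = "v=1; a=rsa-sha256; d=example.com; s=sel; i=no-such-user@no-such-host.example.com; h=from; b=AAAA=="
SAMPLE_NO_AUID = "v=1; a=rsa-sha256; d=example.com; s=sel; h=from; b=AAAA=="
SAMPLE_OUT_OF_SCOPE = "v=1; a=rsa-sha256; d=example.com; s=sel; i=@notexample.com; h=from; b=AAAA=="

if __name__ == "__main__":
    for sample in (SAMPLE_ARBITRARY, SAMPLE_NO_AUID, SAMPLE_OUT_OF_SCOPE):
        print(verifier_output(sample, crypto_ok=True))
```

The first sample passes the structural check even though its local-part and subdomain are arbitrary, which is why the output labels only the d= value as validated.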
