On 5/22/2011 10:27 AM, John R. Levine wrote:
through a separate, value-added mechanism. My own preference would be for using
a special header-field that contains the cert, with the specification of using
such certs as saying that they are enabled when included in the set of h=
covered header fields.
I don't see how this is functionally different from VBR. In both cases the
signer asserts that the message is certified by foo.
Sorry, no.
VBR queries are about an actor, not a message.
Certs can be coupled to a particular message -- this was an interesting semantic
distinction about Goodmail's certification scheme -- although I believe that
typically they, too, are only scoped to the actor, not the specific content.
Mechanically, there are useful distinctions between in-band carriage of
third-party information -- that is, carried with the message -- versus
independent query, such as to the DNS. The distinctions variously can entail
benefits, costs or limitations.
It occurs to me that since mail certification is likely to make assertions about
behavior as well as identity, the SSL model in which certs last for a year won't
I believe most certification work is actually about behavior, except when the
identity-related certification couples one identifier to another (or, my
familiarly, one identifier to an identity.)
d/
ps. none of this has anything to do with the current DKIM wg tasks, of
course...
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html