On 06/20/2013 03:05 AM, John R. Levine wrote:
Seems to me that works fine as is. If a stock broker wants to set
up its mail system to put an i= into DKIM that reliably identifies
the person who sent the mail, they can do that.
But unless I have external knowledge that they do that, and trust
them to do it right, I can't depend on it,
Rolf E. Sonneveld:
Why do you raise this concern for "i=" and not for "d="? Simply
looking at "d=" we can't differentiate between a Good Guy and a
Bad Guy, until we have built some history/reputation for that
particular "d=" domain. Why wouldn't the same logic hold for "i="?
Wietse:
Because d= specifies the name of the public key.
Rolf E. Sonneveld:
As there is only one private key associated with that public key,
we may safely assume that the owner of that private key takes
responsibility for any use of the "i=" within that "d=" domain.
Or any other bits in the message header or body, for that matter.
The point is that d= provides the authenticated channel between
signer and verifier, while all the other bits are just riding along
through that authenticated channel.
This thread is really about different degrees of trust: trust in
the authenticated channel, versus trust in the content that arrives
through that channel. I may be willing to believe that the channel
is authentic, while at the same time being sceptical about any
claims that are made by its payload.
Wietse
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
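
The distinction drawn in the message above, as an added example that is not part of the original thread: this Python sketch parses a DKIM-Signature value and separates what the key lookup ties to d= from the i= value that merely rides along. The header, domain names and selector are constructed sample values, `classify` is a hypothetical helper, and the code does not verify the signature itself.

```python
import re

# Constructed sample header value (not from the thread); bh= and b= are placeholders.
SAMPLE = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=broker.example; s=sel2013;\r\n"
    "\ti=alice@trading.broker.example; h=from:to:subject:date;\r\n"
    "\tbh=PLACEHOLDER; b=PLACEHOLDER"
)

def parse_tags(value):
    """Split a DKIM-Signature value into tag=value pairs (RFC 6376, section 3.2)."""
    tags = {}
    for part in value.split(";"):
        if "=" not in part:
            continue
        # Split on the first "=" only, so base64 padding in b= survives.
        name, _, val = part.partition("=")
        # Folding whitespace inside a value is not significant.
        tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def classify(value):
    """Separate the identity bound to the key from the identity the signer asserts."""
    t = parse_tags(value)
    d = t["d"].lower()
    # When i= is absent it defaults to "@" followed by the d= domain (RFC 6376, 3.5).
    i = t.get("i", "@" + d)
    i_domain = i.rpartition("@")[2].lower()
    # The public key is published at <s>._domainkey.<d>; i= plays no part in the lookup.
    key_query = f"{t['s']}._domainkey.{d}"
    # The only constraint on i=: its domain equals d= or is a subdomain of d=.
    i_within_d = i_domain == d or i_domain.endswith("." + d)
    return {
        "key_query": key_query,
        "authenticated_domain": d,
        "signer_asserted_identity": i,
        "i_within_d": i_within_d,
    }

if __name__ == "__main__":
    for field, val in classify(SAMPLE).items():
        print(f"{field}: {val}")
```

A verifier can reject a signature where `i_within_d` is false, but a true value says nothing about whether the local part of i= names a real sender; that remains the signer's claim.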