ietf-dkim
Re: [ietf-dkim] Weird i= in client mail

2013-06-20 12:03:18

On Jun 19, 2013, at 6:05 PM, John R. Levine <johnl(_at_)iecc(_dot_)com> wrote:

> > Now on the other hand, if an administrative domain wanted to go to the 
> > trouble to authenticate down to the user level, we didn't want to prevent 
> > that, either. The primary audience for DKIM includes regulated industries, 
> > after all.
>
> Seems to me that works fine as is.  If a stock broker wants to set up its 
> mail system to put an i= into DKIM that reliably identifies the person who 
> sent the mail, they can do that.
>
> But unless I have external knowledge that they do that, and trust them to do 
> it right, I can't depend on it, so it's mostly an opaque token of use to the 
> sender when someone sends back a message and says "what the heck is going on 
> here?"

Exactly.

This is why it's "weird." I= is there so upper-layer systems like DMARC, a 
reputation system, or an administrative domain's internal software can work at 
a finer grain than the domain itself.

It has many potential uses, but within DKIM itself, it's an expansion socket.

        Jon
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
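
The handling of i= discussed in this message, sketched as an added example (not code from the thread or from any DKIM library): a receiver that treats the i= local part as an opaque token unless the signing domain is on a locally maintained list of signers known out of band to identify users there. It assumes the signature has already been cryptographically verified; the function names, the trusted-signer set and the sample headers are constructed for illustration, and quoted-printable decoding of i= is omitted.

```python
import re

# Hypothetical local policy: signing domains known, out of band, to put a
# reliable per-user identity in i=. Constructed for this example.
TRUSTED_USER_LEVEL_SIGNERS = {"broker.example"}

# Constructed DKIM-Signature header values (bh= and b= are placeholders).
SIG_BROKER = ("v=1; a=rsa-sha256; d=broker.example; s=sel1;\r\n"
              " i=alice@trading.broker.example; h=from:to:subject;\r\n"
              " bh=PLACEHOLDER; b=PLACEHOLDER")
SIG_UNKNOWN = "v=1; a=rsa-sha256; d=isp.example; s=k1; i=x7f3@isp.example; b=PLACEHOLDER"
SIG_NO_I = "v=1; a=rsa-sha256; d=isp.example; s=k1; b=PLACEHOLDER"
SIG_BAD = "v=1; a=rsa-sha256; d=isp.example; s=k1; i=bob@other.example; b=PLACEHOLDER"


def parse_tags(header_value):
    """Split a DKIM-Signature value into a {tag: value} dict."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)  # drop folding whitespace
    return tags


def signer_identity(header_value, trusted=TRUSTED_USER_LEVEL_SIGNERS):
    """Return the signing domain, the i= identity, and a user name only when
    the signing domain is trusted to identify users in i=."""
    tags = parse_tags(header_value)
    sdid = tags["d"].lower()
    auid = tags.get("i", "@" + sdid)  # RFC 6376: i= defaults to "@" + d=
    local, _, auid_domain = auid.rpartition("@")
    auid_domain = auid_domain.lower()
    # The i= domain must be d= itself or a subdomain of it.
    if auid_domain != sdid and not auid_domain.endswith("." + sdid):
        raise ValueError("i= domain %r is not within d=%s" % (auid_domain, sdid))
    # Without external knowledge of the signer, the local part stays opaque.
    user = local if (sdid in trusted and local) else None
    return {"sdid": sdid, "auid": auid, "user": user}


if __name__ == "__main__":
    for sig in (SIG_BROKER, SIG_UNKNOWN, SIG_NO_I):
        print(signer_identity(sig))
```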