Sorry for the delayed response. imc.org was ignoring my posts - even though I'm
a subscribed member.
--- Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> wrote:
There is some redundant information within domainkeys.
http://www.ietf.org/internet-drafts/draft-delany-domainkeys-base-02.txt
I assume the following is saying the sending domain has confirmed the
user is entitled to use the local-part of either the Sender or From
header.
No. It's saying that selector can only be used with an email that contains that
localpart.
|The current valid tags are:
|
| g = granularity of the key. If present with a non-zero length
| value, this value MUST exactly match the local part of the
| sending address. This tag is optional.
|Finally, DomainKeys is only intended as a "sufficient" method of
|proving authenticity. It is not intended to provide strong
|cryptographic proof about authorship or contents. Other technologies
|such as GnuPG and S/MIME address those requirements.
This statement contradicts the g= feature intended to do just that,
Not if you view g= as constraining the use of the selector to that localpart.
The idea is to give such selectors to out-sourced email marketers so that they
can only use, e.g., sales(_at_)mail-abuse(_dot_)org and so that they cannot use
any other localpart in that space.
Such a selector/private key could easily be distributed to multiple email
marketers who aren't localpart authenticated in any sense.
I admit to not being happy with:
http://www.ietf.org/internet-drafts/draft-kucherawy-sender-auth-header-00.txt
Murray has had a paucity of feedback so why not help him out and make yourself
happy at the same time?
Mark.
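
Added example, not part of the original message or of the draft: a verifier-side check of the g= constraint quoted above, showing that a selector restricted to one localpart cannot be used for any other. It assumes the selector record is a semicolon-separated tag=value list and that the sending address has already been extracted from the Sender or From header; the record contents, function names and addresses are constructed for illustration.

```python
# Constructed sample selector records (p= values are placeholders, not keys).
MARKETER_KEY = "k=rsa; g=sales; p=CONSTRUCTED-PLACEHOLDER"
GENERAL_KEY = "k=rsa; p=CONSTRUCTED-PLACEHOLDER"


def parse_selector_record(txt):
    """Parse 'tag=value; tag=value' into a dict (assumed record syntax)."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing ';'
        name, sep, value = part.partition("=")
        if not sep or not name.strip():
            raise ValueError(f"malformed tag: {part!r}")
        tags[name.strip()] = value.strip()
    return tags


def local_part(address):
    """Return the local part of a bare addr-spec such as user@example.org."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an addr-spec: {address!r}")
    return local


def selector_permits(record_txt, sending_address):
    """Apply the g= rule: a non-empty g= must exactly match the local part.

    An absent or zero-length g= places no constraint on the local part.
    'Exactly' is read here as a case-sensitive comparison (an assumption).
    """
    g = parse_selector_record(record_txt).get("g", "")
    if g == "":
        return True
    return local_part(sending_address) == g


if __name__ == "__main__":
    for addr in ("sales@example.org", "ceo@example.org"):
        print(addr, "marketer key:", selector_permits(MARKETER_KEY, addr),
              "general key:", selector_permits(GENERAL_KEY, addr))
```

The check constrains which localpart a key may sign for; it says nothing about who holds the private key.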