ietf-mailsig

Re: Spoofing revisited

2005-07-27 19:14:02


On Wed, 27 Jul 2005, Earl Hood wrote:

>  DKIM-Signature: a=rsa-sha1; s=whatever; d=ispoofyou.org;
>        c=simple; q=dns;
>        h=Received : From : To : Subject : Date : Message-ID;
>        b=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSbav+yuU4zGeeruD00lszZ
>          VoG4ZHRNiYzR;
>  Received: from 10.2.3.4-example.com  [10.2.3.4]
>        by submitserver.example.com with SUBMISSION;
>        Fri, 11 Jul 2003 21:01:54 -0700 (PDT)
>  From: Joe User <joe.user@example.com>
>  To: Suzie Q <suzie@shopping.example.net>
>  Subject: I need your help?
>  Date: Fri, 11 Jul 2003 21:00:37 -0700 (PDT)
>  Message-ID: <20030712040037.46341.5F8J@example.com>
>
>  ...
>
> In the example, the i= is a sub-domain of d=, but the From is
> of a different domain (and what is displayed by MUAs).

Actually there is no "i" in the above example. But your point that the
signature verifier needs to know what identity is being authorized
is correct. In META-Signatures I addressed this with an explicit
declaration of identity, i.e. an "id=from s=ispoofyou.org;" section would
not produce a valid signature result if the header is
"From: joe.user@example.com".

--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
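As an added illustration of the point in this exchange (this is not code from the thread, from DKIM, or from the META-Signatures draft): a small Python check that, given a DKIM-Signature header and a From: header, reports which identity the signer asserts (i=, defaulting to "@" plus d=) and whether that identity actually covers the domain the MUA will display. It does not verify the cryptographic signature; it only answers the "who is being authorized" question. The sample headers are constructed from the block quoted above, and the containment rule (From: domain must be at or below the asserted identity's domain) is this example's own choice.

```python
import re
from email.utils import parseaddr

# Constructed sample, modelled on the header block quoted in the thread
# (example domains only; the b= value is not a real signature).
SAMPLE_HEADERS = """\
DKIM-Signature: a=rsa-sha1; s=whatever; d=ispoofyou.org;
      c=simple; q=dns;
      h=Received : From : To : Subject : Date : Message-ID;
      b=dzdVyOfAKCdLXdJOc9G2q8LoXSlEniSbav+yuU4zGeeruD00lszZ
        VoG4ZHRNiYzR;
From: Joe User <joe.user@example.com>
To: Suzie Q <suzie@shopping.example.net>
Subject: I need your help?
"""


def unfold_headers(raw):
    """Return {lower-cased name: value} with header folding undone.

    Continuation lines (leading whitespace) are joined to the header they
    belong to. Only the first copy of a header name is kept; a duplicated
    header and its continuations are ignored.
    """
    headers = {}
    current = None
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and current is not None:
            headers[current] += " " + line.strip()
        elif ":" in line:
            name, value = line.split(":", 1)
            name = name.strip().lower()
            if name in headers:
                current = None
            else:
                headers[name] = value.strip()
                current = name
    return headers


def parse_tags(value):
    """Parse a DKIM 'tag=value; tag=value' list.

    DKIM permits folding whitespace inside tag values, so all whitespace is
    stripped from each value (correct for b=, d=, i=, s=; harmless for h=).
    """
    tags = {}
    for item in value.split(";"):
        if "=" in item:
            tag, val = item.split("=", 1)
            tags[tag.strip()] = re.sub(r"\s+", "", val)
    return tags


def in_domain(name, domain):
    """True if name equals domain or is a subdomain of it (case-insensitive)."""
    name = name.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    return bool(domain) and (name == domain or name.endswith("." + domain))


def evaluate_from_alignment(raw_headers):
    """Compare the identity a DKIM-Signature asserts with the From: address.

    The signer's asserted identity is i= if present, else "@" + d= (the
    DKIM default). The From: domain is "covered" only if i= lies within d=
    and the From: domain lies at or below the domain of i=. Crypto is not
    checked here; this is purely the identity question from the thread.
    """
    headers = unfold_headers(raw_headers)
    tags = parse_tags(headers.get("dkim-signature", ""))
    d = tags.get("d", "")
    i = tags.get("i") or ("@" + d)
    i_domain = i.rpartition("@")[2]
    from_domain = parseaddr(headers.get("from", ""))[1].rpartition("@")[2]

    i_within_d = in_domain(i_domain, d)
    from_covered = i_within_d and in_domain(from_domain, i_domain)
    return {
        "d": d,
        "i": i,
        "from_domain": from_domain,
        "i_within_d": i_within_d,
        "from_covered": from_covered,
        "verdict": ("signer authorizes the From: identity" if from_covered
                    else "signer does NOT authorize the From: identity"),
    }


if __name__ == "__main__":
    for key, val in evaluate_from_alignment(SAMPLE_HEADERS).items():
        print(f"{key}: {val}")
```

Run on the quoted headers, the signature asserts "@ispoofyou.org" while From: is at example.com, so the result is "does NOT authorize" even though the signature itself might verify perfectly well against ispoofyou.org's key. Swapping the From: domain for a subdomain of the signer flips the verdict, which is the behaviour an explicit "id=from" style declaration would have to enforce.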
