On 7/25/2014 2:41 PM, Tony Hansen wrote:
So the text about "belongs to the person who actually sent the message"
could be considered a reference to the use of i=.
1. While yes, some folk generating i= had that basis for it, it was
never in the spec for that. That is, the original DKIM never
standardized anything like this at all, and the revision removed the
confusion entirely (I hope).
2. The sentence in RFC5321 could be considered all manner of possible
references, but let's try to keep things as simple as possible: the
language that is there is was incorrect when written and is incorrect now.
However, subsequent work with DKIM showed that i= was unreliable for
that purpose, and instead should be treated as an opaque value.
Not just unreliable; the spec really wasn't document to that use.
So when 5321bis was being discussed, it's entire possible that some of
the people reading it at that time really did think that DKIM COULD be
used to help determine if the message belonged to the person who
actually sent the message. And so, would NOT have flagged that text as
That was certainly possible. The whole d=/i= wars was due to widespread
confusion about such things, including folk who thought it was fine to
have a protocol spec be ambiguous about such things...
If I were to change the text in any fashion, it would be to change the
words "provide ways to ascertain" to something like "provide tools that
could help ascertain".
Uh, no. The semantics of SPF and DKIM don't really do that. Any use in
that direction goes far, far outside of the specs.
ietf-smtp mailing list