Dear Tony,
Use of DKIM offers a very poor authentication example, since this draft makes
the same errors made in RFC5863. It is wrong to suggest the DKIM protocol
permits associating a validated identifier to a message as stated in the
Introduction. This is the same erroneous conflation of a message fragment with
that of a message. In most cases, DKIM does not adequately protect message
integrity as explained in
http://tools.ietf.org/html/draft-otis-dkim-harmful-03. In addition, DKIM cannot
authenticate who is accountable for having sent the message, which makes it
impossible to safely assign reputation. As such, DKIM should never be referred
to as a message authentication protocol. StartTLS would represent a much
better example.
Regards,
Douglas Otis