On 4/3/2014 4:40 PM, Fred Baker (fred) wrote:
DKIM encodings to sign messages. And of asking that IETF tools not reformat
email in ways that corrupt data that has been signed.
Yes, but...
DKIM does not authenticate message contents, and the dkim signing name
(d=) is not require to correlate with any other identifier in the
message. In particular, it can be unrelated to the domain name in the
From: field.
This independence is essential for some scenarios, such as having a
mailing list provide its own DKIM signature, using it's own domain name,
while preserving the author's original From address.
In other words, I like the goal you have in mind, but fear it is
considerably more challenging to achieve than any of us would like.
d/
ps. The other reason for using https is privacy to reduce traffic
analysis and other meta-data review. This is quite separate from
keeping IETF data 'confidential'.
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net