[ietf-dkim] DKIM Threat Assessment v0.02 (very rough draft)
Dave Crocker
dhc at dcrocker.net
Tue Aug 9 13:13:40 PDT 2005
> > > In the current Internet Mail environment a mail receiver can never be
> > > sure whether a piece of mail was from the purported author they
> > > normally associate with the claimed identity. This leads to many
> > > avenues of abuse.
> > > A secondary goal of DKIM is to validate a standard identity field,
> > > such as RFC2822.From or RFC2822.Sender.
> > Stating this as a secondary goal appears to contradict the earlier
> > paragraph. I.e. The earlier paragraph implies that validating
> > RFC2822.From or RFC2822.Sender would be a primary goal.
>
> I agree.
Well, a coherent and not-contradictory thought was driving my writing, but
Heisenberg got in the way.
The intended thought was that having ANY accountable entity -- where the
accountability is meaningful -- improves the likely validity of the other
identity fields.
So, no, I had not intended to make direct validation of From or Sender a primary
goal.
d/
---
Dave Crocker
Brandenburg InternetWorking
+1.408.246.8253
dcrocker a t ...
WE'VE MOVED to: www.bbiw.net
More information about the ietf-dkim
mailing list