[ietf-dkim] DKIM Threat Assessment v0.02 (very rough draft)
mike at mtcc.com
Tue Aug 9 13:28:42 PDT 2005
Dave Crocker wrote:
>>>> In the current Internet Mail environment a mail receiver can never be
>>>> sure whether a piece of mail was from the purported author they
>>>> normally associate with the claimed identity. This leads to many
>>>> avenues of abuse.
>>>> A secondary goal of DKIM is to validate a standard identity field,
>>>> such as RFC2822.From or RFC2822.Sender.
>>> Stating this as a secondary goal appears to contradict the earlier
>>> paragraph. I.e. The earlier paragraph implies that validating
>>> RFC2822.From or RFC2822.Sender would be a primary goal.
>> I agree.
> Well, a coherent and not-contradictory thought was driving my writing, but
> Heisenberg got in the way.
> The intended thought was that having ANY accountable entity -- where the
> accountability is meaningful -- improves the likely validity of the other
> identity fields.
> So, no, I had not intended to make direct validation of From or Sender a primary
I, on the other hand, do.
More information about the ietf-dkim