[ietf-dkim] DKIM Threat Assessment v0.02 (very rough draft)
Michael Thomas
mike at mtcc.com
Tue Aug 9 16:23:20 PDT 2005
Eric Allman wrote:
>> That is not correct. The local part of the i= is intended to
>> provide a binding to the local part of outside origination
>> headers, not just the domain part. Which is why it is,
>> in fact, a primary goal.
>
>
> That doesn't change the fact that it is the /domain/ signing a message,
> not a user. That domain may identify the individual user in such a way
> that is within the comfort zone of the signing domain administrator, but
> the keys are still owned and administrated by the domain owner.

That's all true, but that's not what Dave asserted:

> This is precisely what DKIM does. It is the domain administrator who defines
> the DNS records used by DKIM and DKIM's granularity of the validated
                                          ^^^^^^^^^^^
> identity is a domain name.
                ^^^^^^^^^^^

There's finer granularity than the domain name. The i= defines
it, not to mention the g=. Which in terms of a problem statement,
etc, is misleading to say that it's a secondary goal; it's been
a primary goal all along for everybody that I can determine except
Dave.
Mike