[ietf-dkim] DKIM Threat Assessment v0.02 (very rough draft)
Michael Thomas
mike at mtcc.com
Tue Aug 9 16:54:29 PDT 2005
Dave Crocker wrote:
>>> This is precisely what DKIM does. It is the domain administrator who
>>> defines the DNS records used by DKIM and DKIM's granularity of the
>>> validated identity is a domain name.
>>
>> That is not correct. The local part of the i= is intended to
>> provide a binding to the local part of outside origination
>> headers, not just the domain part. Which is why it is,
>> in fact, a primary goal.
>
>
>
> Since i= is optional, it seems difficult to argue that it demonstrates the
> tie-in to other identity header fields as primary goal.
It's not optional; its absense is just defaulted. For
the verify operation, it is $i = "@$d". For the binding
operation it is $i = "$g@$d".
Mike
More information about the ietf-dkim
mailing list