[ietf-dkim] Not exactly not a threat analysis
Dave Crocker
dhc at dcrocker.net
Mon Aug 15 08:37:36 PDT 2005
> This is useful, but seems to ignore the discussion that has been surrounding
> the fact the signature does not provide assurance about the source
yeah. maybe i should have tried for different language, but folks seem more
comfortable with that term and i wanted to see whether we could get basic
agreement on any sort of summary description.
> - rather
> it provides assurance that a specified signing party is vouching for the
> message. The signing party may be associated with the source, or they may
> not be. Accepting the message on the basis of the signature implies
> accepting the relationship between the signing agent and the message
> originator.
I like your last sentence, although the signer does not have to necessarily be
associated with the originator, since the message can be signed anywhere along
the path.
d/
---
Dave Crocker
Brandenburg InternetWorking
+1.408.246.8253
dcrocker a t ...
WE'VE MOVED to: www.bbiw.net
More information about the ietf-dkim
mailing list