[ietf-dkim] linkage between "originator" and "handling agent"
earl at earlhood.com
Wed Aug 17 10:56:47 PDT 2005
On August 17, 2005 at 09:03, Dave Crocker wrote:
> In fact the main reason that I question the need to have most/any of SSP --in
> the *first* round of standardization -- is that there is quite a bit of utili
> in exactly the scenario you describe: A message arrives with a signature.
> *ANY* signature. There is quite a bit of useful information derived from
> validating that signature, or having the signature fail validation.
Huh. You seemed to be supporting the route I was advocating of
define a basic signature algorithm and then define applications
on top of that.
Anyway, a signature itself has no real value. Now some value is
implied depending how keys are managed. Since (I'm guessing) you
are quietly inferring that keys are retrieved from DNS, then some
semantics to the signature are being defined. It is these semantics
that provide value, key retrieval provides little go on from
a verification perspective.
Without having well-defined semantics and bindings for a signature,
a signature has no value at the application level.
> There is *MORE* useful information if the validator can know that the signatu
> ID is "authorized" by the rfc2822.From domain administrator, but that
> information is not essential for creating an initial base of utility.
Would you please elaborate more on what you consider to be the
"initial base of utility"?
More information about the ietf-dkim