[ietf-dkim] DKIM Threat Assessment v0.02 (very rough draft)
fenton at cisco.com
Wed Aug 17 14:05:31 PDT 2005
[catching up on mail from while I was away]
domainkeys-feedbackbase02 at yahoo.com wrote:
>But whatever. Regardless of how one might interpret the webmail interface, the
>point I'm trying to make clear is that, as a verifier, and from a specification
>perspective, Yahoo is *not* interested in, and doesn't care about, localpart.
>Obviously other may be, and good for them, but Yahoo is not.
In a previous message you wrote:
>The g= is an admittedly crude attempt to constrain the use of delegated keys
>and is not intended to be of particular interest to a verifier above and beyond
>ensuring the constraint is complied with as part of the verification rules.
Don't you need to look at the localpart to determine whether the g=
constraint was complied with? If the answer is "yes, to determine if
they match, but I'm not going to do anything else with localpart" than
we're in agreement.
More information about the ietf-dkim