[ietf-dkim] Charter bashing...
fenton at cisco.com
Wed Oct 12 22:48:06 PDT 2005
Earl Hood wrote:
>On October 11, 2005 at 21:50, "Hallam-Baker, Phillip" wrote:
>>I have a DKIM-SL client that is designed to add an end user signature.
>How to you distinquish between an end-user signature and a signature
>created by a gateway? I.e. How does a DKIM verifier know for sure
>that a given signature was created by the end-user versus some
In general, DKIM isn't an end-user signature; it's a signature from a
domain owner (or, more accurately, whoever controls the _domainkey
subdomain of a domain). Signatures are usually created by gateways; we
don't expect MUAs to be signing things in most cases. So perhaps the
question should be, "How do you distinguish between a signature from the
original end-user's domain for that end-user?"
DKIM SSP approaches this a little differently. Given the fact that it's
almost always the RFC 2822 From: address that gets displayed to the
recipient, it asks whether there is a valid signature for that address
on a message. If so, it's considered a "first-party" signature and
satisfies an Exclusive signing policy (denoted by !), and if the only
valid signature(s) are for other addresses, it's a "third-party"
signature and might be handled differently.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ietf-dkim