[ietf-dkim] Re: Attempted summary
John Levine
johnl at iecc.com
Tue Jan 24 11:40:24 PST 2006
>What is not clear to me is the benefit of a mailing list signature
>that is required to vouch for the authenticity of someone elses
>FROM: address.
It's vouching for the authenticity to the extent that it's promising
that this is the same From: address that was on the message when the
list sent it out. It's the same promise that every DKIM signature
makes.
> I am concerned that the FROM: address is becoming a conceptual
> bottle neck, and would like to see a solution that allows mailing
> lists and other forwarders to sign mail ("as I forwarded this")
> without implied claims about the authenticity of the FROM: address.
As far as I know, no DKIM signature, from anyone, ever makes any
claims about the authenticity of the From: address. A DKIM signature
is a statement from the signing domain that "this is mine", not "this
is real".
Perhaps some grandson-of-SSP will let signers publish assertions
about the semantics of their signatures, but that is vastly beyond
the scope of anything we're considering now.
R's,
John
More information about the ietf-dkim
mailing list