[ietf-dkim] Proposal for specifying syntax and semantics for multiple signatures
Steve Atkins
steve at blighty.com
Sun Apr 2 09:49:36 PDT 2006
On Apr 2, 2006, at 8:44 AM, Barry Leiba wrote:
>> I think it depends on your "Verifier" the guys who have to make the decision
>> with all the junk coming into the system how it will view it.
> ...
>> Are we supposed to turn a blind eye to the quality of the message and just
>> look at who is responsible? If so, then who cares what the message quality
>> is as long as it comes from a "good person."
>
> We have to be clear about what DKIM is and isn't.
>
> DKIM is something that lets a sender say "my domain sent this message".

Not even that, as I understand it. In some cases the domain that's signing the
message will have nothing at all to do with putting it on the wire, and in some
cases nothing to do with the details of composing the message. (Back to Dave's
distaste for the word "sender").

"Someone who has access to a private key associated with this domain (probably
someone authorized by someone associated with the DNS setup for this domain)
has signed the content of this message, and the message hasn't changed
significantly since they did that." is a bit closer.

That doesn't make for much of an elevator pitch, though, so perhaps
'A DKIM signature from paypal.com says "I am paypal.com, and I authorize this message!"'.

Cheers,
Steve