[ietf-dkim] Delegating responsibility: a make vs. buy design
dotis at mail-abuse.org
Mon Aug 21 09:38:03 PDT 2006
On Aug 21, 2006, at 8:34 AM, Dave Crocker wrote:
> Paul Hoffman wrote:
>> I see people who supposedly agree with each other about the policy
>> appear disagree on the required and requested response to the
>> policy. Some of that is because the tone of the messages is "this
>> is obvious" (which it is not), and some of it is because there are
>> long-winded discussions of the usefulness of the messages that
>> don't concretely say what the recipient should/must do.
> For the case of mail that is signed, I am still waiting to hear why
> it is not sufficient to have a third-party use a a sub-domain of
> the preferred (author, or whatever) domain name.
The domain or subdomain of a signature must still restrict the use of
the 2822.From address to enable validity assertions. When the
signing domain restricts 2822.From address to those validated per
account, then this address can be asserted valid. The validity of
the address can be asserted by i= syntax or by a 2822.From policy
with respect to designated domains.
> Hence, the signing practices requirement would only exist for
> unsigned messages.
The requirement for signing practices would exist whenever the domain
of the signature does not match the domain of the 2822.From address.
More information about the ietf-dkim