[ietf-dkim] Keys vs. Reputation

Douglas Otis dotis at mail-abuse.org
Tue Aug 22 10:11:39 PDT 2006


On Aug 22, 2006, at 9:57 AM, Jon Callas wrote:

> On 21 Aug 2006, at 10:48 PM, Douglas Otis wrote:
>
>> When DKIM fails to offer a means to assure the validity of the  
>> 2822.From address, then an important goal has been missed.  The  
>> use of a subdomain for signing removes an ability to indicate with  
>> the i= syntax that the 2822.From is assured to be valid.
>
> Doug.
>
> Section 5.4 of DKIM-base says:
>
>    5.4  Determine the header fields to Sign
>
>     The From header field MUST be signed (that is, included in the
>     h= tag of the resulting DKIM-Signature header field).
>
> How does this not handle your objection? What you are saying ("When  
> DKIM fails to offer a means to assure the validity of the 2822.From  
> address...") is categorically false. DKIM *REQUIRES* you to assure  
> the validity of the 2822.From address.

Applying a signature and ensuring the 2822.From header cannot be  
modified is not equal to having validated that the account sending  
the message represents the recipient of that 2822.From address or  
that this account's use of the 2822.From address is valid.  Being  
included in the signature's hash is not the same as having validated  
the associated content.

-Doug
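
The distinction argued in this exchange, as an added example that is not part of the original messages or of any DKIM implementation: a check that From is listed in h= is kept separate from a check that the signer's i= identity names the From address. The function names and sample headers are constructed, and treating "i= names the From address" as the signer vouching for the author is an assumed reading of the post, not a rule quoted from DKIM-base.

```python
import re
from email.utils import parseaddr

# Constructed sample values (bh= and b= are placeholders, nothing is verified).
SIG_PARENT = ("a=rsa-sha256; d=example.com; s=sel; i=alice@example.com; "
              "h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER")
SIG_SUB = ("a=rsa-sha256; d=mail.example.com; s=sel; "
           "h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER")
FROM = "Alice <alice@example.com>"

def parse_tags(value):
    """Parse a DKIM tag=value list into a dict, folding out whitespace."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def from_checks(dkim_signature, from_header):
    """Report three separate facts about a signature and the From field."""
    tags = parse_tags(dkim_signature)
    d = tags.get("d", "").lower()
    i = tags.get("i", "@" + d).lower()      # i= defaults to "@" + d
    signed = [h.lower() for h in tags.get("h", "").split(":")]
    addr = parseaddr(from_header)[1].lower()
    from_domain = addr.rpartition("@")[2]
    i_local, _, i_domain = i.rpartition("@")
    return {
        # Section 5.4: From is listed in h=, so it is covered by the hash.
        "from_in_h": "from" in signed,
        # i= must sit at or below d=, so a subdomain signer cannot name
        # an address in the parent domain.
        "i_within_d": bool(d) and (i_domain == d or i_domain.endswith("." + d)),
        # Assumption: the signer vouches for the author only when i= names
        # the From address, or (with no local part) its exact domain.
        "i_names_from": i == addr or (i_local == "" and i_domain == from_domain),
    }
```

Both sample signatures cover From in h=, but only the one signed with d=example.com can carry an i= that names alice@example.com.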

