[ietf-dkim] Responsibility concerns with Designated
Signing Domains
Dave Crocker
dhc at dcrocker.net
Mon Aug 28 12:52:08 PDT 2006
Stephen Farrell wrote:
> But if the delegator delegated its private key, or if the signer
> supplied its public key to the delegator, then the buck might get
> moved between them (from their, and not the verifier, perspective),
> depending on the details of how the key delegation happened.
>
> For example, if there is >1 copy of the private key, then, in
> buck passing terms, we just don't know which signer signed.
The buck stops with the d= string.
How that string is administered is not a matter for public analysis.
You appear to be introducing an expectation that a validator is supposed to be
able to know exactly which entity, within the ADMD of the signing domain,
actually performed the signing action.
Since that is not something DKIM is designed to provide, per se, where does this
expectation come from?
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
More information about the ietf-dkim
mailing list