[ietf-dkim] Choices about Practice vs. Publication
Steve Atkins
steve at blighty.com
Sun Jul 8 16:46:38 PDT 2007
On Jul 8, 2007, at 4:37 PM, Douglas Otis wrote:
>
>> Steve pointed out to me that a basic challenge, here, is that
>> DKIM does not define a signature as meaning that the signer is
>> asserting the truthfulness of any particular bit of information in
>> the message. That's the inherent difference between the mild
>> "taking responsibility" semantics that we have given to a DKIM
>> signature, versus "asserting correctness" or the like.
>>
>> My suggestion to deal with this is to define the basic DKIM
>> sematnic that all DKIM-* headers are asserted to be valid, if they
>> are included in the signature.
>
> This assertion in many cases would need to exclude the From
> address, but this header is required to be signed. Use of the "i='
> parameter is likely the only positive means to communicate such an
> assurance and is already defined within DKIM base.
"From" does not start with "DKIM-".
Cheers,
Steve
More information about the ietf-dkim
mailing list