[ietf-dkim] Choices about Practice vs. Publication
Douglas Otis
dotis at mail-abuse.org
Sun Jul 8 20:15:16 PDT 2007
On Jul 8, 2007, at 4:46 PM, Steve Atkins wrote:
>
> On Jul 8, 2007, at 4:37 PM, Douglas Otis wrote:
>
>>
>>> Steve pointed out to me that a basic challenge, here, is that
>>> DKIM does not define a signature as meaning that the signer is
>>> asserting the truthfulness of any particular bit of information
>>> in the message. That's the inherent difference between the mild
>>> "taking responsibility" semantics that we have given to a DKIM
>>> signature, versus "asserting correctness" or the like.
>>>
>>> My suggestion to deal with this is to define the basic DKIM
>>> semantic that all DKIM-* headers are asserted to be valid, if
>>> they are included in the signature.
>>
>> This assertion in many cases would need to exclude the From
>> address, but this header is required to be signed. Use of the
>> "i=" parameter is likely the only positive means to communicate
>> such an assurance and is already defined within DKIM base.
>
> "From" does not start with "DKIM-".
The From: field is intimately combined with the DKIM-Signature: field.
Per RFC 4871:
---
5.4. Determine the Header Fields to Sign
The From header field MUST be signed (that is, included in the "h="
tag of the resulting DKIM-Signature header field).
---
Are you suggesting the intent is to sign other DKIM-Signatures and
thereby assert they are also valid?
-Doug
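
Added example, not part of the original message or of any DKIM implementation: a small Python check that parses a DKIM-Signature tag list, reports whether From is listed in "h=", which DKIM-* fields the signature covers, and the "i=" identity (defaulting to "@" plus the "d=" domain, as RFC 4871 specifies). The sample header is constructed, and "DKIM-Example" is a hypothetical field name standing in for the DKIM-* headers discussed above.

```python
import re

# Constructed sample value (not from the thread); bh= and b= are placeholders,
# and "DKIM-Example" is a hypothetical DKIM-* header field name.
SAMPLE = (
    "v=1; a=rsa-sha256; d=example.com; s=sel1; i=@news.example.com;\r\n"
    "\th=From : To:Subject:\r\n\t DKIM-Example:Date; bh=PLACEHOLDER=; b=PLACEHOLDER="
)

def parse_tag_list(value):
    """Split a DKIM-Signature value into {tag: value} (RFC 4871 section 3.2)."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)  # undo header folding
    tags = {}
    for part in unfolded.split(";"):
        if not part.strip():
            continue  # a trailing ";" is permitted
        name, sep, val = part.partition("=")  # values may themselves contain "="
        name = name.strip()
        if not sep or not re.fullmatch(r"[A-Za-z][A-Za-z0-9_]*", name):
            raise ValueError(f"malformed tag-spec: {part!r}")
        if name in tags:
            raise ValueError(f"duplicate tag: {name}")
        tags[name] = val.strip()
    return tags

def signed_header_report(value):
    """Summarise what the h= tag says the signature covers."""
    tags = parse_tag_list(value)
    if "h" not in tags or "d" not in tags:
        raise ValueError("required h= or d= tag missing")
    # Field names are case-insensitive and may carry whitespace around ":".
    fields = [f.strip().lower() for f in tags["h"].split(":") if f.strip()]
    return {
        "from_signed": "from" in fields,  # section 5.4: From MUST be signed
        "dkim_fields": [f for f in fields if f.startswith("dkim-")],
        "identity": tags.get("i", "@" + tags["d"]),  # i= default per RFC 4871
        "domain": tags["d"],
    }

if __name__ == "__main__":
    print(signed_header_report(SAMPLE))
```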