[ietf-dkim] The (really) latest SSP draft
Jim Fenton
fenton at cisco.com
Fri Oct 19 08:46:34 PDT 2007
I'll take a shot at these...
Dave Crocker wrote:
>
> 1. Is the SSP specification intended (or allowed) to modify the
> semantics of the DKIM Base specification (RFC 4871)?
>
> I am hoping that folks do *not* intend to change the semantics
> of the base specification, since any change will disrupt adoption of
> the base.
I thought we had been very clear about this: SSP is intended to provide
additional information beyond that in the signature(s), and particularly
in the absence of an originator signature.
> 2. Does RFC 4871 contain any claims that a DKIM signature carries
> a claim by the signer that any of the body or header content is
> "correct" or "truthful"?
>
> I ask because I believe it does not carry any such claim and
> that, rather, a DKIM signature asserts a very generic degree of signer
> "responsibility" which does not extend to formal claims of correctness.
4871 indeed uses a broad notion of "responsibility". However, in the
case where the signing address is the same* as some other header field,
such as 2822.From, I don't see how a signer can be responsible for a
message that uses its own address without an implied claim that the
address is correct.
* "same" meaning that the i= address is either the identical, or that
the i= address has the same domain if i= has no specified local part.
-Jim
More information about the ietf-dkim
mailing list