[ietf-dkim] The (really) latest SSP draft
Jeff Macdonald
jmacdonald at e-dialog.com
Tue Oct 23 08:07:35 PDT 2007
On Mon, Oct 22, 2007 at 02:16:52PM -0700, Mark Delany wrote:
> On Oct 22, 2007, at 1:37 PM, Jon Callas wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>>> So if he said i=subdomain.example.com, then surely the From/Sender
>>> can be expected to be from that subdomain; and if he said
>>> i=someone at example.com, then surely recipients can assume that
>>> 'someone' had indeed played some part in sending it.
>>>
>>
>> Absolutely not. DKIM is a protocol in which one administrative domain
>> speaks primarily to other administrative domains. It's not a domain-to-
>> user protocol nor a user-to-anything protocol. The i= parameter can
>> be anything the signing domain wants it to be. It is unlikely to be
>> an outright lie (for example, I mark all mail coming from alice with
>> bob), but it may be.
>>
>
> I liken i= to IDENT (RFC1413). The values *may* be meaningful to the
> administrative domain, but that's all that can be said about it.

It would be very useful. Think

d=bigmarketingcompany.com
i=@brandA.bigmarketingcompany.com

d=bigmarketingcompany.com
i=@brandB.bigmarketingcompany.com

d=bigmarketingcompany.com
i=@brandC.bigmarketingcompany.com

etc.

One signing domain, one DKIM entry in DNS, but many identities.

--
:: Jeff Macdonald | Director of Messaging Technologies
:: e-Dialog | jmacdonald at e-dialog.com
:: 131 Hartwell Ave. | Lexington, MA 02421
:: v: 781-372-1922 | f: 781-863-8118
:: www.e-dialog.com
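
An added example, not part of the original message or of any DKIM implementation: a verifier-side check of the d=/i= layout described above, using the RFC 4871 rules that i= defaults to "@" plus d=, must be the same as or a subdomain of d=, and may not use a subdomain when the key record carries t=s. The selector `sel1`, the sample tag lists and the function names are assumptions made for illustration.

```python
import re

def parse_tags(header_value):
    """Split a DKIM-Signature tag=value list into a dict."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)  # drop folding whitespace
    return tags

def signing_identity(tags, key_flags=()):
    """Return (d, i, key query name); raise ValueError if i= is not within d=."""
    d = tags["d"].lower()
    i = tags.get("i", "@" + d)                 # i= defaults to "@" + d
    i_domain = i.rsplit("@", 1)[-1].lower()
    is_sub = i_domain.endswith("." + d)        # leading dot: match on a label boundary
    if i_domain != d and not is_sub:
        raise ValueError(f"i={i} is not within d={d}")
    if is_sub and "s" in key_flags:            # key record t=s: no subdomains in i=
        raise ValueError(f"key for {d} has t=s; i={i} uses a subdomain")
    return d, i, f"{tags['s']}._domainkey.{d}"

def group_by_key(headers, key_flags=()):
    """Map each key query name to the identities signed under it; collect rejects."""
    accepted, rejected = {}, []
    for h in headers:
        try:
            _, i, qname = signing_identity(parse_tags(h), key_flags)
            accepted.setdefault(qname, []).append(i)
        except ValueError as exc:
            rejected.append(str(exc))
    return accepted, rejected

# Constructed sample tag lists (selector "sel1" and the last entry are made up).
SAMPLE = [
    "v=1; a=rsa-sha256; d=bigmarketingcompany.com; s=sel1; i=@brandA.bigmarketingcompany.com",
    "v=1; a=rsa-sha256; d=bigmarketingcompany.com; s=sel1; i=@brandB.bigmarketingcompany.com",
    "v=1; a=rsa-sha256; d=bigmarketingcompany.com; s=sel1; i=@brandC.bigmarketingcompany.com",
    "v=1; a=rsa-sha256; d=bigmarketingcompany.com; s=sel1; i=@brandA.example.net",
]

if __name__ == "__main__":
    accepted, rejected = group_by_key(SAMPLE)
    for qname, ids in accepted.items():
        print(qname, "->", ids)
    print("rejected:", rejected)
```

All three brand identities resolve to the same key query name, so a single DNS record serves them; passing `key_flags=("s",)` models a key record that forbids the subdomain identities.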