[ietf-dkim] Responsibility vs. Validity

Dave Crocker dhc at dcrocker.net
Tue Nov 27 10:17:01 PST 2007


Folks,

This note is about an old topic that seems to remain unresolved. I'm posting 
it to see where the working group is on the matter:

Mechanisms like OpenPGP and S/MIME essentially validate the authenticity of 
content.  DKIM does not.  For example, a DKIM signature does not contain the 
semantics that claim that the From field is correct, never mind that it does 
not distinguish between "brands" such as are often implied by the display 
string in the From field, versus the email address in it.

Rather, DKIM's task is to allow an organization to say that it has some 
responsibility for the message; that is, come to them if there is a problem.

In looking at the range of features that have been added to SSP, I keep 
thinking that this distinction is not clear.  It seems to me that there is a 
tendency to want to build "the content is valid" mechanisms into SSP.

Thoughts?

d/
-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net

