[ietf-dkim] Responsibility vs. Validity

J D Falk jdfalk at returnpath.net
Tue Nov 27 11:00:04 PST 2007


Steve wrote:

> That, to me, is its *intended* use, sure, but there's no denying that
> a validly signed DKIM message asserts that the content has not been
> tampered with since it was signed (within some fairly well-defined
> limitations).
> 
> PGP, S/MIME and DKIM all make the same basic statement: "*this* sender
> sent you *this* message and it's not been tampered with since they
> signed it". Intended usage may be different, but the basic function is
> the same.

To continue agreeing, I'd add that it says "this message has not been
modified since this sender took responsibility for it" -- which gets
back (as these conversations always do) to the question of whether or
not you trust the sender (for various definitions of "trust"), which
isn't a question DKIM can answer for you.

--
J.D. Falk
Receiver Products
Return Path 


