[ietf-dkim] Responsibility vs. Validity
jon at callas.org
Thu Nov 29 13:36:12 PST 2007
> If the i= tag does not "mean something", and the verifier cannot make use
> of it for any purpose, then what on earth is the point of having it in the
> standard in the first place?
It is there for the signer to relate the message back into their own
framework. It is there so that *when* you get a complaint about a
message, you have more to go on.
Let us suppose that the DKIM signer writes out log messages with a
monotonically increasing number for each message it signs. That
number is a perfectly fine thing to put in i= because it lets the
signer know who did a bad thing. (Or whose message was used as a bad
> AFAICS, it does not mean much, but at least it should mean that
> user of domain is present in that tag was known to have played some
> in bringing that message to the signer.
Who says there has to be a domain in the tag? In the example I gave,
it can be a number.
While it is an identity, we are completely open as to what that
identity has to be. It doesn't have to be an email address, or an
account, or anything. 4871 says that <string>@<domain-from-d=> is the
default, and it makes a certain sense to do that, but it is not required.
There are very good reasons for making it opaque. It protects the end
user from harassment, and makes sure that if the user is misbehaving,
the place people complain is to the domain itself.
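The signer-side bookkeeping described in the message above, as an added example that is not part of the original post or of any DKIM implementation. It assumes the i= value takes the form `<log number>@<d= domain>`; the class name, the log fields, `example.com` and the sample header are constructed for illustration.

```python
import itertools
import re


def parse_tag_list(value):
    """Parse a DKIM tag=value list into a dict.

    Simplification: all whitespace is dropped, which also removes header folding.
    """
    unfolded = re.sub(r"\s+", "", value)
    tags = {}
    for item in filter(None, unfolded.split(";")):
        name, _, val = item.partition("=")   # split on the first "=" only (base64 padding)
        tags[name] = val
    return tags


class OpaqueIdentitySigner:
    """Hypothetical signer whose i= carries a log sequence number, not a user."""

    def __init__(self, domain):
        self.domain = domain.lower()
        self._seq = itertools.count(1)       # monotonically increasing per signed message
        self.log = {}                        # number -> internal record, never sent out

    def identity_for(self, account, queue_id):
        """Record who submitted the message and return the opaque i= value."""
        n = next(self._seq)
        self.log[n] = {"account": account, "queue_id": queue_id}
        return f"{n}@{self.domain}"

    def resolve_complaint(self, dkim_signature):
        """Map the DKIM-Signature value quoted in a complaint back to the log."""
        tags = parse_tag_list(dkim_signature)
        if tags.get("d", "").lower() != self.domain:
            return None                      # signature does not name this domain
        local, _, dom = tags.get("i", "").rpartition("@")
        if dom.lower() != self.domain or not re.fullmatch(r"[0-9]+", local):
            return None                      # not an identity this signer issues
        return self.log.get(int(local))


# Constructed sample: a folded DKIM-Signature value as it might appear in a complaint.
SAMPLE_HEADER = ("v=1; a=rsa-sha256; d=example.com; s=sel1;\r\n"
                 "\ti=2@example.com; h=from:to:subject;\r\n"
                 "\tbh=Y29uc3RydWN0ZWQ=; b=Y29uc3RydWN0ZWQ=")
```

The recipient sees only `2@example.com`; the mapping from that number to an account exists only in the signer's own log.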