[ietf-dkim] Re: ISSUE 1525 -- Restriction to posting by first
Author breaks email semantics
Michael Thomas
mike at mtcc.com
Wed Jan 16 10:13:05 PST 2008
Dave Crocker wrote:
> Jim,
>
> Please read the following carefully and assume, just as a hypothetical,
> that I might actually have a legitimate basis for the assessment being
> offered and that there is a chance that your views are not automatically
> correct:
>
>
> Jim Fenton wrote:
>> The goal of SSP is to determine the practices of the (alleged) author
>> of the message.
>
> That certainly describes the engineering focus that has been taken for
> the current draft. It does not necessarily represent the precise goal
> of SSP:
>
> RFC 5016:
>> While a DKIM signed message
>> speaks for itself, there is ambiguity if a message doesn't have a
>> valid first party signature (i.e., on behalf of the [RFC2822].From
>> address): is this to be expected or not?
>
> This requirements statement is actually self-contradictory, since the
> words "speaks for itself" rather explicitly means that any signature is
> sufficient, while the rest of the sentence seems to mean that the wishes
> of the purported author dominate.
No it isn't. A signed message is a signed message. It doesn't say about
any relationship to any outside address. It speaks for itself. SSP is
about the subset of signatures that have a relationship with the From
address. Any signature is not sufficient by definition.
> Whereas SSP began as a simple idea as a means of deciding whether an
> unsigned message should have been signed, it has morphed into an effort
> to validate the From field. That is a very, very different goal.
This is revisionist history. I've pointed to both of the historical
documents of IIM and DK which directly contradict you.
Mike
More information about the ietf-dkim
mailing list