[ietf-dkim] draft-ietf-dkim-ssp-02.txt (issue 1519?)
Jim Fenton
fenton at cisco.com
Fri Feb 1 14:58:47 PST 2008
Douglas Otis wrote:
> This draft goes to the opposite extreme of the ASP draft and increases
> the restrictions for "all" compliance as well. This draft indicates
> _ALL_ messages are to include a signature with an i= parameter matches
> that of an identity within the From header. This is not the defined
> use for RFC 4871.
It is true that RFC 4871 does not require or define any binding between
the i= parameter and the From header field (or any other header field,
for that matter). That is defined by *SP. The question is really the
nature of that binding: whether it's the entire address (in cases where
i= has a local-part) or whether it's just the domain. That seems to be
what's at the heart of issue 1519.
>
>
> The ASP approach creates fewer corner cases. At least with the ASP
> draft, any risk of misuse remains within the control of a domain to
> rectify.
This last statement I don't understand. Can you give an example of
"misuse within the control of a domain" that is introduced by matching
the local-part?
-Jim
More information about the ietf-dkim
mailing list