[ietf-dkim] Issue 1550 - the name of the document (remains open *briefly*); there's still,disagreement on "Author"
Douglas Otis
dotis at mail-abuse.org
Tue Mar 11 13:52:06 PDT 2008
On Mar 11, 2008, at 11:47 AM, MH Michael Hammer (5304) wrote:
> As the person who originally threw out the suggestion of ADSP on the
> list (only half seriously), I agree with Pete. The author does not sign
> and the author does not set the policy. It is the domain that is signing
> (by virtue of publishing the DNS records, even if the author happens to
> sign at the MUA/MSA) and the domain which is expressing the policy.
Agreed. Sloppy terminology has led to incompatible compliance
requirements involving restrictions on use of local-part identities.
The signing domain MUST decide whether the message is compliant with
their policies BEFORE signing the message. Verifiers should not
attempt to second guess whether a domain's signature means the message
is compliant with their policy or not!
Reliance upon a signing domain's stewardship MUST NOT occur when the
message is signed using a restricted key (intended for untrustworthy
individuals or systems) that also includes an identity not found
within the From header. Whether or not the domain also publishes
policy SHOULD NOT affect how these restricted key messages should be
treated. Such messages should not benefit from the reputation of the
domain, but might benefit from the reputation of the identity,
although such benefits are likely only appreciated by individual
recipients.
-Doug
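As an added illustration, not part of this post or of any DKIM implementation, the following Python sketches the verifier-side rule argued above: a verified signature lends the signing domain's reputation unless the DKIM-Signature carries an i= identity that does not appear in the From header, in which case only that identity's own reputation applies. It assumes the "restricted key" case is recognisable purely from the i= tag, and that the i= domain must equal d= or be a subdomain of it (RFC 4871 section 3.5).

```python
import email.utils
import re


def parse_dkim_tags(header_value):
    """Parse a DKIM-Signature tag-list (RFC 4871 section 3.2) into a dict."""
    tags = {}
    for part in header_value.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            # Folding whitespace inside a value is not significant.
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags


def reputation_scope(dkim_signature, from_header):
    """Which reputation a *verified* signature may lend the message:
    'domain', 'identity' (the i= local-part only), or 'none' (bad identity)."""
    tags = parse_dkim_tags(dkim_signature)
    d = tags.get("d", "").lower()
    i = tags.get("i", "").lower()
    if not d:
        return "none"
    if not i:
        return "domain"  # no agent identity asserted: the domain vouches for the message
    i_local, _, i_domain = i.rpartition("@")
    # RFC 4871 section 3.5: the i= domain must equal d= or be a subdomain of it.
    if i_domain != d and not i_domain.endswith("." + d):
        return "none"
    if not i_local:
        return "domain"  # e.g. i=@sub.example.com names no individual
    from_addrs = {addr.lower() for _, addr in email.utils.getaddresses([from_header])}
    if i in from_addrs:
        return "domain"  # identity appears in From: the domain's stewardship applies
    # Assumed "restricted key" case from the post: an identity not found in From.
    return "identity"


if __name__ == "__main__":
    # Constructed sample header values; bh= and b= are placeholders, not real hashes.
    sig = "v=1; a=rsa-sha256; d=example.com; s=users; h=from:to; i=alice@example.com; bh=AAAA; b=BBBB"
    print(reputation_scope(sig, "Alice <alice@example.com>"))    # domain
    print(reputation_scope(sig, "Mallory <mallory@example.com>"))  # identity
```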