[ietf-dkim] DKIM does not identify senders, and we have big semantic problems
John Levine
johnl at iecc.com
Wed Jan 28 09:07:03 PST 2009
>> Including the From: field in the DKIM hash does *not* carry the semantic
>> that it has valid content!!!!!
>
> As I said .. in certain cases.
No, in no cases. None whatsoever. All a signed From: field tells you
is that it had the same content when it was signed as when you checked
the signature.
You may well have opinions about the utility of a particular signer's
signature, and you might have an external reputation system that says
"foo.com only signs From: headers that they believe" but that is
external to DKIM. If a mail manager as sophisticated as you has
trouble understanding the layering of DKIM, we're going to have
horrible problems explaining it to the masses.
> The other alternative being some other field (such as a received
> header with smtp authentication data) that does get signed.
If you want a signature that identifies the individual user, there's
S/MIME and PGP.
It's clear that it might be useful to have add-ons to DKIM that
provide more complex semantics, and "signer validates From: address"
would be a reasonable one, but as it stands, the only common semantics
among DKIM signatures is "I signed this message".
R's,
John
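To make the layering point above concrete, here is an added toy signer/verifier in the shape of a DKIM signature (h= header list, bh= body hash, b= signature over canonicalized headers). It is not from this thread or from any DKIM implementation: the HMAC secret, the domain example.com, the message contents and the relaxed-canonicalization helpers are all constructed for illustration, and HMAC stands in for the RSA-SHA256 signature and DNS-published key that real DKIM uses. What it shows is exactly the thread's claim: verification succeeds whenever the signed From: has the same content it had at signing time, whatever that content says, and fails only when it changes.

```python
import hashlib
import hmac
import re

# Constructed stand-in for the signing key. Real DKIM signs with an RSA
# private key and publishes the public key in DNS; an HMAC secret keeps
# this example stdlib-only.
SIGNING_KEY = b"example-selector-secret"
SIGNER_DOMAIN = "example.com"  # constructed d= value


def canonicalize_header(name, value):
    """Relaxed header canonicalization: lowercase name, collapse whitespace."""
    value = re.sub(r"\s+", " ", value).strip()
    return f"{name.lower()}:{value}\r\n"


def canonicalize_body(body):
    """Simple body canonicalization: CRLF line ends, no trailing empty lines."""
    lines = body.replace("\r\n", "\n").split("\n")
    while lines and lines[-1] == "":
        lines.pop()
    return "".join(line + "\r\n" for line in lines)


def body_hash(body):
    return hashlib.sha256(canonicalize_body(body).encode()).hexdigest()


def _signed_data(headers, names, d, bh):
    # Headers listed in h= are hashed in order; a missing header counts as
    # empty. The DKIM-Signature header itself is included with b= empty,
    # mirroring how DKIM computes the signature.
    data = "".join(canonicalize_header(n, headers.get(n, "")) for n in names)
    data += canonicalize_header("DKIM-Signature",
                                f"d={d}; h={':'.join(names)}; bh={bh}; b=")
    return data.encode()


def sign(headers, body, signed_names, key=SIGNING_KEY):
    """Produce a DKIM-style signature over the named headers and the body.

    Only the *contents* of those headers are covered; the signer makes no
    statement about whether From: is truthful.
    """
    bh = body_hash(body)
    b = hmac.new(key, _signed_data(headers, signed_names, SIGNER_DOMAIN, bh),
                 hashlib.sha256).hexdigest()
    return {"d": SIGNER_DOMAIN, "h": ":".join(signed_names), "bh": bh, "b": b}


def verify(headers, body, sig, key=SIGNING_KEY):
    """True iff the signed headers and body are what the signer saw."""
    if body_hash(body) != sig["bh"]:
        return False
    names = sig["h"].split(":")
    expected = hmac.new(key, _signed_data(headers, names, sig["d"], sig["bh"]),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sig["b"])


def demo():
    """Constructed message: example.com signs a From: at an unrelated domain."""
    headers = {"From": "Anyone At All <anyone@unrelated.example>",
               "Subject": "hello"}
    body = "Hi there\r\n\r\n"
    sig = sign(headers, body, ["From", "Subject"])

    intact = verify(headers, body, sig)            # True: same content
    with_extra = verify(dict(headers, To="x@y.example"), body, sig)  # True: To not in h=
    altered_from = verify(dict(headers, From="Other <o@z.example>"), body, sig)  # False
    altered_body = verify(headers, "Changed\r\n", sig)               # False
    return intact, with_extra, altered_from, altered_body


if __name__ == "__main__":
    print(demo())  # (True, True, False, False)
```

The verifier's only output is "these bytes are unchanged since example.com signed them"; any judgement about whether example.com should have signed that From: belongs to a reputation layer outside the signature check.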