[ietf-dkim] Author Signature vs. Author Domain Signature / Internal vs External threats
Barry Leiba
barryleiba at computer.org
Thu Apr 2 10:24:02 PDT 2009
> DKIM is about domains, not email addresses. And that's all ADSP should be.
> Using i= encourages this cofusion. Using "Author Signature" rather than "Author
> Domain Signature" also encourages it.
Indeed.
As I recall, when we started this, both pre-IETF and bringing it into
the IETF, one goal was to allow, in the architecture, extension to
individual authors... but *not* to deal with individual authors at
this stage. It was, in fact, one (of several) of the arguments about
why we couldn't just use S/MIME.
> If the domain owner cannot exert enough administrative control, to keep
> signatures for mailing lists separate from signatures for authors, then that's
> the owner's problem. It shouldn't be the receivers.
I agree.
Barry (participant)
More information about the ietf-dkim
mailing list