[ietf-dkim] Who signs what
Jeff Macdonald
macfisherman at gmail.com
Thu Sep 16 13:25:53 PDT 2010
On Thu, Sep 16, 2010 at 2:52 PM, Murray S. Kucherawy <msk at cloudmark.com> wrote:
>> That's contrary to normal use of the term third-party, as there
>> is no third party involved in this example - there's me and my
>> domain, and there's the recipient.
>
> How is a piece of software supposed to detect and apply that? As soon as you make that > allowance, then one could argue we should also have a heuristic to say "yahoo.co.uk" and > "yahoo.com" are related and should share a reputation.
I don't think Steve is saying that you do. I believe the point is that
people equate foo.com and a.foo.com as the same party. In many cases
this will be true. Before I posted my message, I had someone say how
did a.foo.com suddenly become 3rd party of foo.com? That wasn't that
person's understanding of it nor of other folks.
>> If we describe that as a third-party signature we risk confusing
>> it with the case of a true third-party signature from a certification
>> authority or some such. "Third-party that's the author"
>> vs "Third-party that's not the author".
>
> There's only confusion when we pile adjectives onto the end. It's third-party, or it's not. Or > since some people like ADSP's terms: It's an author signature, or it's not.
I am much happier with ADSP's terms. I'm still fairly certain folks
come to different conclusions regarding the term 3rd party.
--
Jeff Macdonald
Ayer, MA
More information about the ietf-dkim
mailing list