[ietf-dkim] Data integrity claims
sx6un-fcsr7 at qmda.emu.st
Fri Oct 15 17:32:53 PDT 2010
> I thought the "What DKIM does" thing was a long-dead horse, as we'd
> long ago reached consensus that what DKIM does is provide a stable
> identifier on the message, and nothing more. That makes this
> assertion inapposite.
> I think perhaps now would be a good time to make that explicit,
> since a lot of people (including some in here) are continuing to
> infer that DKIM should be used to "protect" the body. So I propose
> this be added to 4871bis:
(I don't know what "inapposite" is, but I like it!)
To your point, the identifier and the message must go together to be
meaningful. One without the other is meaningless. Therefore one could
argue that DKIM is "protecting" that relationship between the message
Or put another way, if a DKIM signer is taking responsibility for the
message, then DKIM should also protect the original assertion of the
signer - which again includes the message as well as the identifier.
I don't think you can disconnect the two and retain value. Maybe
that's what folk mean when they say "protect the body"?
More information about the ietf-dkim