[ietf-dkim] the usual misunderstanding about what DKIM promises
hsantos at isdg.net
Fri Oct 22 19:13:13 PDT 2010
John Levine wrote:
>>> DKIM makes no statement about the validity of a "sender" address.
>> I guess I should have said Author address.
> DKIM makes no statement about the validity of an Author address.
I keep reading this but there is no technical merit to show there is
any truth to it, and in fact the only thing that is probably the
strongest validity is the Author Address.
No matter how many times it is stated and repeated, it will never be
true. If one wants this to be true, then remove the required binding
the Author Address, A.K.A 5322.From.
I will go on to suggest that this ongoing design confusion of trying
to water it down with unrestricted resigners is what got this WG all
bogged down in trying to teach the world that the From really means
nothing but only the signer does. It even reduces the incentive for
adopters to invest in Domain DKIM Signing because they really have no
power over controlling who can take control of their own messages or
those that purports to be from them. They have really little payoff.
My point is it really hasn't help DKIM to continue to water down the
validity of the author address. If it wasn't a required binding, then
there begins some truth to the statement.
Hector Santos, CTO
More information about the ietf-dkim