[ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"
mike at mtcc.com
Wed May 4 16:36:34 PDT 2011
On 05/04/2011 03:55 PM, Rolf E. Sonneveld wrote:
> Well, I think you both are right in reading what my concern/objection
> against 4871bis is. And maybe you're also right in that RFC4871 wasn't
> that much different from RFC4871bis.
> I think in the early days of DKIM most people assumed DKIM would
> become a protocol where:
> * the body hash and header hash, using various header fields,
> certifies the DKIM signature and
> * the DKIM signature certifies the body and header fields, that
> had been used to create the DKIM signature.
By "certify" do you mean "assert that they are true/correct/something
along those lines"?
DKIM doesn't make such assertions because there's no way absent a good
infrastructure that a receiver should believe such an assertion. The
ADSP adds one mechanism that allows a very narrow assertion about From to
the author domain be believable, but we certainly do not have anything
that. If there was some verbiage in the security analysis, it is likely
the precise delineation of signing protocol (DKIM) and policy protocol
was not completely gelled at the time -- 4686 was put together mainly to
get past some process hurdles (imo) to form the wg, so it's pretty
even then there was no intent to "certify" other header fields other