On 5/31/2019 4:47 AM, Dotzero wrote:
> Non-repudiation is not the purpose of DKIM signing. The purpose was (and
> is) to provide a mechanism for mailbox providers to evaluate whether an
> email message was authorized by a particular domain.

Nit-picking time. I'd apologize for indulging, but I'm not really sorry:

Even "authorized" is too strong a label for what DKIM officially does.
"Touched" is more in line with what the spec defines, although "took
some responsibility for" is a more ponderous way of saying that.

Specific sites have DKIM usage policies based on much stronger
semantics, but that's outside the DKIM specification. Hence, no one
down the handling sequence can rely on just the specification and know
of that stricter semantic.

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc