It appears that Neil Jenkins <[email protected]> said:
>On Fri, 8 Aug 2025, at 08:39, Phillip Tao wrote:
>> However, I think DKIM can actually be split into two parts: the mechanical
>> part of how to canonicalize and sign a message, and how to transmit the
>> key/establish trust.
>> 
>> So, I propose that unobtrusive signatures actually be built on the first 
>> part of that.
>
>This makes a lot of sense to me.

Honestly, I don't see what problem this solves. If you want to use a DKIM
signature, use a DKIM signature, and look up the key which is per-domain, not
per-user, in the DNS which is where domain info lives. We sort of tried to make
DKIM per-user with the i= tag but we realized that doesn't work because there's
no way to tie the non-domain part of the i= value to a key in the DNS. 

The current version of unobtrusive signatures uses PGP keys. If you want to look
them up in the DNS, RFC 7929 tries to do that, although its representation of
the user's address is broken for reasons that I explained to the RFC's author
but he didn't believe.

R's,
John
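
The two DNS lookups contrasted in the message above, as an added example that is not part of the original post: the DKIM key name is built only from the d= and s= tags, so changing the local part of i= never changes which key is fetched, while RFC 7929 derives a per-user name from a hash of the local-part. The sample headers, selector and addresses are constructed, and the RFC 7929 function assumes an unquoted ASCII local-part (the RFC's canonicalization steps for quoting and Unicode are not implemented).

```python
import hashlib


def parse_tags(header_value):
    """Parse a DKIM-Signature tag=value list (RFC 6376 section 3.2) into a dict."""
    tags = {}
    for part in header_value.split(";"):
        if "=" not in part:
            continue
        name, value = part.split("=", 1)
        # Folding whitespace inside these tag values is not significant.
        tags[name.strip()] = "".join(value.split())
    return tags


def dkim_key_name(header_value):
    """DNS name of the DKIM public key: <s>._domainkey.<d>. The i= tag plays no part."""
    tags = parse_tags(header_value)
    return f"{tags['s']}._domainkey.{tags['d']}"


def openpgpkey_name(address):
    """RFC 7929 section 3 owner name: SHA2-256 of the local-part,
    truncated to 28 octets and hex-encoded, under _openpgpkey.<domain>."""
    local, domain = address.rsplit("@", 1)
    label = hashlib.sha256(local.encode("utf-8")).digest()[:28].hex()
    return f"{label}._openpgpkey.{domain}"


# Constructed sample signatures: same domain and selector, different i= users.
# The bh= and b= values are placeholders; no signature is verified here.
SIG_ALICE = ("v=1; a=rsa-sha256; d=example.com; s=sel2025; "
             "i=alice@example.com; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER")
SIG_BOB = SIG_ALICE.replace("i=alice@", "i=bob@")

if __name__ == "__main__":
    for sig in (SIG_ALICE, SIG_BOB):
        user = parse_tags(sig)["i"]
        print(f"i={user}")
        print(f"  DKIM key (per-domain):    TXT        {dkim_key_name(sig)}")
        print(f"  RFC 7929 key (per-user):  OPENPGPKEY {openpgpkey_name(user)}")
```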

_______________________________________________
Ietf-dkim mailing list -- [email protected]
To unsubscribe send an email to [email protected]
