On 11/14/2005 18:25, Douglas Otis wrote: > On Nov 14, 2005, at 2:04 PM, Jim Fenton wrote: > > Barry, > > > >> DESCRIPTION OF WORKING GROUP: > >> > >> The Internet mail protocols and infrastructure allow mail sent > >> from one > >> domain to purport to be from another. While there are sometimes > >> legitimate > >> reasons for doing this, it has become a source of general > >> confusion, as well > >> as a mechanism for fraud and for distribution of spam (when done > >> illegitimately, it's called "spoofing"). > > > > The parenthetical seems to be a bit misplaced, and might fit better > > to the use of the word "legitimate". This might read more easily > > if broken into two sentences. > > Considering the potential for this statement to be in conflict with > existing practices, perhaps much of the otherwise difficult > justifications can be avoided by restating the intended goals of the > working group. For example, it should be perfectly legitimate for > the From to be signed by a different domain. Otherwise, the > resulting disruptions will likely prevent DKIM deployment. Even > adding just a Sender header has been problematic. How about: > > ---- > Verifying a domain accountable for a message is a problem for users > of Internet mail when deciding whether to accept messages. DKIM > verifies a signing domain name that serves as a basis for trusting > the selected content and headers within a message. The DKIM working > group will produce standards-track specifications that permits > authentication of a domain name associated with the message using > public-key signatures and based upon domain name identifiers. This > specification will also verify that the selected content and headers > were not changed subsequent to the signature. > > In special cases, the accountable domain may wish to assure the > recipient that all messages having an originating email-address > within this domain will be signed by the domain. This assurance is > to abate spoofing that has become common for some types of > transactional email. This assurance will be in conflict with current > practices where the purported author is not associated with the > signing-domain. To prevent undue conflict and disruption, the lack > of originating email-address assurances must be considered normal and > fully acceptable, and partial assurances should never be used. > ---- > I think that would be a step backwards from the current wording.
Scott K _______________________________________________ ietf-dkim mailing list http://dkim.org