On May 31, 2006, at 5:29 PM, <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]> wrote:
> Current statement 5.1 is fine, your changes introducing a -i requirement
> bypass the main thrust of DKIM. I signed this message/I did not sign
> this message.

The location of the key (d=) clearly indicates who signed the
message. The i= parameter is an added assurance that might be made
by the signing domain. This i= parameter is optional. Lack of this
assurance does not, by itself, indicate abusive behavior or detract
from the value of the signature. The signing domain can still be
held accountable for abuse. It is not practical to expect all
providers will regulate use of each and every email-address. Not
changing the appearance of the message is a primary goal, yet
injection of a Sender header, as an example, makes such a change,
necessitating customer support calls explaining the questionable
modification.

An expectation that all email-address use must be restricted would be
highly repressive and likely lessen adoption of DKIM with its many
other benefits. DKIM is not about setting up an obstacle course for
email-address owners to navigate. With or without the i= parameter,
DKIM indicates who can be held accountable. DKIM is not visible
without annotation. This annotation must allow for the condition
where an email-address has not been assured.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
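
The annotation behaviour argued for in the message above, sketched as an added example (not code from the thread or from any DKIM implementation). It assumes the signature has already been cryptographically verified and that i= is not quoted-printable encoded; the function names and status strings are hypothetical.

```python
import re

def parse_tags(sig_value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)  # drop folding whitespace
    return tags

def split_addr(addr):
    """Return (local_part, lowercased_domain)."""
    local, _, domain = addr.rpartition("@")
    return local, domain.lower()

def annotate(sig_value, from_addr):
    """Return (accountable_domain, status) for an already-verified signature."""
    tags = parse_tags(sig_value)
    d = tags.get("d", "").lower()
    if not d:
        return (None, "invalid")
    # i= is optional; when absent it defaults to "@" + d (no local-part).
    i_local, i_domain = split_addr(tags.get("i", "@" + d))
    # i= must name d= itself or a subdomain of it.
    if i_domain != d and not i_domain.endswith("." + d):
        return (None, "invalid")
    f_local, f_domain = split_addr(from_addr)
    if i_local and (i_local, i_domain) == (f_local, f_domain):
        return (d, "address-assured")
    # The signature still holds d= accountable; the address is just not vouched for.
    return (d, "address-not-assured")

# Constructed sample signatures (bh= and b= values are placeholders).
BASE = "v=1; a=rsa-sha256; d=example.com; s=sel1; h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER"
WITH_I = BASE + "; i=alice@example.com"
BAD_I = BASE + "; i=alice@other.example"

if __name__ == "__main__":
    for sig, frm in [(BASE, "alice@example.com"), (WITH_I, "alice@example.com"),
                     (WITH_I, "bob@example.com"), (BAD_I, "alice@other.example")]:
        print(frm, annotate(sig, frm))
```

In every valid case the accountable domain is the d= value; only the second element of the result changes with the presence and content of i=.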