On Aug 22, 2006, at 9:57 AM, Jon Callas wrote:
> On 21 Aug 2006, at 10:48 PM, Douglas Otis wrote:
>> When DKIM fails to offer a means to assure the validity of the
>> 2822.From address, then an important goal has been missed. The
>> use of a subdomain for signing removes an ability to indicate with
>> the i= syntax that the 2822.From is assured to be valid.
>>
>> Doug.
>
> Section 5.4 of DKIM-base says:
>
>     5.4 Determine the header fields to Sign
>
>     The From header field MUST be signed (that is, included in the
>     h= tag of the resulting DKIM-Signature header field).
>
> How does this not handle your objection? What you are saying ("When
> DKIM fails to offer a means to assure the validity of the 2822.From
> address...") is categorically false. DKIM *REQUIRES* you to assure
> the validity of the 2822.From address.

Applying a signature and ensuring the 2822.From header can not be
modified is not equal to having validated that the account sending
the message represents the recipient of that 2822.From address or
that this account's use of the 2822.From address is valid. Being
included in the signature's hash is not the same as having validated
the associated content.
-Doug
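
An added example, not part of the thread or of the DKIM-base text: it reports separately whether From is listed in h= and whether the i= identity matches the 2822.From address, for a constructed message signed by a subdomain. The domains, selector and bh=/b= values are placeholders, the function name `assess` is hypothetical, and no cryptographic verification is performed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the signer uses a subdomain of the author's domain.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; d=mail.example.com; s=sel1;
 i=@mail.example.com; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER
From: Alice <alice@example.com>
To: bob@example.net
Subject: hello

body
"""

def parse_tags(value):
    """Split a DKIM-Signature header value into tag=value pairs."""
    tags = {}
    for part in re.sub(r"\s+", "", value).split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name] = val
    return tags

def assess(raw):
    """Report header coverage and identity alignment as separate facts."""
    msg = message_from_string(raw)
    tags = parse_tags(msg["DKIM-Signature"])
    author = parseaddr(msg["From"])[1].lower()
    a_local, _, a_domain = author.rpartition("@")
    d = tags["d"].lower()
    # When i= is absent it defaults to an empty local-part at the d= domain.
    i_local, _, i_domain = tags.get("i", "@" + d).lower().rpartition("@")
    signed = [h.lower() for h in tags.get("h", "").split(":")]
    return {
        # Section 5.4: From must appear in h=.
        "from_signed": "from" in signed,
        # The i= domain must be d= itself or a subdomain of it.
        "identity_within_d": i_domain == d or i_domain.endswith("." + d),
        # Does the signing identity name the author's address or domain?
        "identity_covers_author": i_domain == a_domain
                                  and i_local in ("", a_local),
    }

if __name__ == "__main__":
    print(assess(SAMPLE))
```

For the sample, From is covered by the hash while the i= identity sits in a different domain than the 2822.From address, so the two results differ.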