----- Original Message ----- From: "John Levine" <[EMAIL PROTECTED]> To: <[email protected]> Cc: <[EMAIL PROTECTED]> Sent: Wednesday, August 30, 2006 10:28 AM Subject: Re: [ietf-dkim] Delegated signatures in real life
> Keep in mind that DKIM, unlike SPF, requires the active > participation of whoever runs your outgoing mail server > to apply signatures, unless you are enough of a weenie > to run a signing engine in your MUA and do your own key > management. Exactly, so unless you have a written, verbal contract, TOS or what have you, signing mail on the behalf of the 1st party, masquarading as the 1st party or as the 3rd party has some serious implications. Unless there is some prior agreement or authorization, you're opening up a can of worms. And what if the MUA weenie is signing mail? How is his or her ISP going to handle that? Just blindly resign mail again? Why? For what purpose? -- Hector Santos, Santronics Software, Inc. http://www.santronics.com _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
