I'll take a shot at these... Dave Crocker wrote: > > 1. Is the SSP specification intended (or allowed) to modify the > semantics of the DKIM Base specification (RFC 4871)? > > I am hoping that folks do *not* intend to change the semantics > of the base specification, since any change will disrupt adoption of > the base.
I thought we had been very clear about this: SSP is intended to provide additional information beyond that in the signature(s), and particularly in the absence of an originator signature. > 2. Does RFC 4871 contain any claims that a DKIM signature carries > a claim by the signer that any of the body or header content is > "correct" or "truthful"? > > I ask because I believe it does not carry any such claim and > that, rather, a DKIM signature asserts a very generic degree of signer > "responsibility" which does not extend to formal claims of correctness. 4871 indeed uses a broad notion of "responsibility". However, in the case where the signing address is the same* as some other header field, such as 2822.From, I don't see how a signer can be responsible for a message that uses its own address without an implied claim that the address is correct. * "same" meaning that the i= address is either the identical, or that the i= address has the same domain if i= has no specified local part. -Jim _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
