On Tue, Feb 10, 2009 at 12:23:02PM -0500, Hector Santos wrote:
> Jeff Macdonald wrote:
>>
>> d=good.rep.example.net or
>> d=bad.rep.example.net
>>
>> do not assume that those identifiers mean "good" and "bad". Good and
>> bad could be the names of two different companies. A signer could sign
>> like this instead:
>>
>> d=53302.rep.example.net or
>> d=9999.rep.example.net
>>
>> and this would enforce to the verifier that no meaning should be placed
>> on what d= contains.
>>
>> d= is just an identifier that is used to look up the public key
>
>
> Jeff,
>
> It is a DNS DOMAIN and a DNS DOMAIN is a well defined entity. And this d=
> DNS DOMAIN must match the 2822 (DNS) Domain.

Yes, in my examples, {good,bad}.rep.example.net are valid DNS domains.

> It is well forth, bloody, scared specific 1st PARTY only signing
> requirement.

I don't understand what you are saying here. d= can have domains that
are considered by some to be 3rd party too.

> It does not lack clarity. It is not obtuse, it is not "hard to
> understand or explain," nor is it unintelligible, and it is certainly
> not opaque.

I think we all agree that d= is a domain. The spirit of using the word
opaque was to mean "don't read into what that domain may represent".

--
Jeff Macdonald
jmacdon...@e-dialog.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html