Murray S. Kucherawy wrote: >> Although 5322.From is not mentioned here, how can DKIM provide any level >> of defense against fraudulent use of origin addresses, if d= is the one >> and only mandatory output of the verification process? > > Why does the output of DKIM need to include something when the > consumer of that output already has that information?
Its not really how data is obtained but what Data is needed for ADSP TRUST as described as part of the RFC5585 design. One can reasonably state that the true definition for Output is all INPUT that went into the signature and the result code: HLIST (All the signed headers, h=) SDID (d=) SELECTOR (s=) AUID (i=, if defined) HASH (strength) RCODE (Verifier result code) Its understood the new 3.9 is burning in what is only value required and its for a presumingly a required trust assessor since "d=" value MUST be passed to it. So why not add a reference to VBR? You have a MUST there to pass to something, help promote VBR to fulfill the MUST. All is that is being asked is cross the tees, dot the eyes for RFC5585 with a MAY for ODID. You don't even have to mention ADSP, just say its an optional part of the total DKIM Service Architecture. Just like VBR is, just like A-R is. -- Hector Santos, CTO http://www.santronics.com http://santronics.blogspot.com _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html