> -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of > Shmuel Metz > Sent: Thursday, February 09, 2012 1:26 PM > To: [email protected] > Subject: Re: [marf] I-D Action: draft-ietf-marf-as-07.txt > > >Neither DKIM nor SPF do anything to authenticate the header From > >domain. What other mechanism are you proposing we introduce? > > I'm not; I'm proposing that we be neutral on any potential future > authenticatiobn standards. Or is there reason to believe that there > will never be an RFC for signing domain names in the header?
S/MIME and PGP also allow you to sign the From: field of a message, but they make no statement about whether what got signed is true or not. DKIM and SPF confirm that the use of the domain was effectively authorized. DKIM, S/MIME and PGP confirm that the domain wasn't changed post-signing. None of them make any statement about whether or not the domain itself is valid in context, true, or anything else. I can't conceive of an Internet-based technology that can confirm intent or legitimacy of the signer/author/whatever. _______________________________________________ marf mailing list [email protected] https://www.ietf.org/mailman/listinfo/marf
