[Hector, apparently you have unsubscribed, which is unfortunate. I'm
not sure this will be of interest to you, but it may be to others on
the list.]
Hector Santos wrote:
Threats:
- Adversary gains unauthorized access to domain private key
- Internal thief (black market) of
At 10:31 12-08-2005, Hector Santos wrote:
This is your standard benign Mailing List server adding footers etc,
breaking the integrity of any original signing.
You mean like this one? :-)
Regards,
-sm
___
ietf-dkim mailing list
Dave,
My comments are in-line:
On Aug 1, 2005, at 6:13 AM, Dave Crocker wrote:
By way of seeding discussion, here is a feeble attempt (ie, my own)
at creating
a draft response.
Don't sell yourself short. I don't think I could do any better, and
by the looks of it most people on this
Hector,
On Aug 11, 2005, at 7:45 PM, Hector Santos wrote:
Well, Andrew, atleast for me, I would really like to be part of
this effort,
but I can't help but feel it is a becoming a waste of time.
I'm sorry that you feel this way. And I'm sure there is not much I
can say to make things
This is precisely what DKIM does. It is the domain administrator who
defines the DNS records used by DKIM and DKIM's granularity of the
validated identity is a domain name.
That is not correct. The local part of the i= is intended to
provide a binding to the local part of outside
--- Michael Thomas [EMAIL PROTECTED] wrote:
That is not correct. The local part of the i= is intended to
provide a binding to the local part of outside origination
headers, not just the domain part. Which is why it is,
in fact, a primary goal.
One only has to look at Yahoo's web mail
I'm not sure that we aren't in agreement here. But I'm also not sure
that we are.
The granularity of the identity is (potentially) per user. But the
granularity of the signer is per-selector. Thus, the identity in i=
is really a statement by the domain that I have good reason to
believe
Eric Allman wrote:
I'm not sure that we aren't in agreement here. But I'm also not sure
that we are.
The granularity of the identity is (potentially) per user.
Yes. This what I believed to be incorrect in Dave's statement.
But the
granularity of the signer is per-selector.
Yes, which
On August 9, 2005 at 17:11, Michael Thomas wrote:
Yahoo! DomainKeys has confirmed that this message was sent by
*verified-domain*.
So your users all understand that verified-domain means
that means From: [EMAIL PROTECTED] instead of From: [EMAIL PROTECTED]
is what's really believable?