Murray S. Kucherawy writes: > Interesting. So DKIM-Delegate is syntactically the same as DKIM-Signature, > but with augmented semantics? Or did you have something else in mind?
That's what I had in mind. But the semantics are not merely augmented, they're conceptually different. DKIM-Delegate attests only to the authenticity of the delegate list, not to the content of the message. It occurs to me that that means that in the case of use of an explicit delegate list, the DKIM-Delegate field needs to contain a signature for itself. Not a conceptual problem AFAIK, but the creation and verification of the field get fussy. I think that in general use of an explicit delegate list should be recommended, and that where the Originator can identify lists with good reputations, it should restrict to them rather than allow random mailboxes. I'm not sure how to make precise enough to go into the I-D, though. _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
