On 5/12/2020 8:48 AM, Murray S. Kucherawy wrote:
On Tue, May 12, 2020 at 1:20 AM Alessandro Vesely <[email protected]
<mailto:[email protected]>> wrote:
On Mon 11/May/2020 20:23:12 +0200 Murray S. Kucherawy wrote:
> Indeed; why would I believe what any given domain claims in this tag?
If you trust the domain, you can as well trust their tagging.
If you trust the domain, you don't need their tagging.
Just to explore this a bit:
Presence or absence of 'trust' is orthogonal with /what/ is trusted.
At small scale, long-term operators know each other and know both the
what and the whether. At larger scale, they might develop a degree of
trust through history but not have any way of knowing what the other
side's signing policies are.
For reference, I think this topic is likely to be unproductive, given
how poorly concepts and practices of policies like this seem to fare.
But it seems interesting, gets raised periodically, and at least could
be a cleanly-handled topic if pursued this way. (Especially if it is
encoded as a separate header-field...)
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
Ietf-dkim mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-dkim
