On Tue 12/May/2020 19:09:55 +0200 Murray S. Kucherawy wrote: > On Tue, May 12, 2020 at 9:30 AM Alessandro Vesely <[email protected]> wrote: >> On Tue 12/May/2020 17:48:38 +0200 Murray S. Kucherawy wrote: >>> On Tue, May 12, 2020 at 1:20 AM Alessandro Vesely <[email protected]> wrote: >>>> On Mon 11/May/2020 20:23:12 +0200 Murray S. Kucherawy wrote: >>>>> Indeed; why would I believe what any given domain claims in this tag? >>>> >>>> If you trust the domain, you can as well trust their tagging. >>>> >>> >>> If you trust the domain, you don't need their tagging. >> >> Why not? I may trust gmail, say. Yet, in order to learn what >> restrictions they apply to the From: I have to create an account and try. >> There is no standard location where they declare their policy in a >> machine-readable manner, and policies written in legalese are even less >> readable...>> > > What would you do with that information if you had it?
I think I'd copy it to comments in the corresponding A-R header field. That would make A-R stanzas more eloquent. > Maybe you're using a different definition of "trust" than I am. To me, "I > trust gmail.com" means "I believe mail signed by gmail.com is legitimate", > irrespective of how they might handle their mail. > > Put another way: I believe I would only reach the opinion that I "trust" > mail from a domain when I already know the thing(s) your tag(s) would tell > me. "Trust" and "legitimacy" are abstract terms deeply rooted in human senses, i.e. hardly machine readable. For a more pragmatic definition of trust, "I trust gmail.com" would mean "I believe that header fields written by gmail.com are true to life (up to transient bugs)". In that sense, if they stated that the From: corresponds to the login Id, I'd believe it. Hey, what if gmail used different selectors for newcomers? Best Ale -- _______________________________________________ Ietf-dkim mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-dkim
