On Tue, May 12, 2020 at 11:14 AM Alessandro Vesely <[email protected]> wrote:
> On Tue 12/May/2020 19:09:55 +0200 Murray S. Kucherawy wrote: > > On Tue, May 12, 2020 at 9:30 AM Alessandro Vesely <[email protected]> > wrote: > >> On Tue 12/May/2020 17:48:38 +0200 Murray S. Kucherawy wrote: > >>> On Tue, May 12, 2020 at 1:20 AM Alessandro Vesely <[email protected]> > wrote: > >>>> On Mon 11/May/2020 20:23:12 +0200 Murray S. Kucherawy wrote: > >>>>> Indeed; why would I believe what any given domain claims in this tag? > >>>> > >>>> If you trust the domain, you can as well trust their tagging. > >>>> > >>> > >>> If you trust the domain, you don't need their tagging. > >> > >> Why not? I may trust gmail, say. Yet, in order to learn what > >> restrictions they apply to the From: I have to create an account and > try. > >> There is no standard location where they declare their policy in a > >> machine-readable manner, and policies written in legalese are even less > >> readable...>> > > > > What would you do with that information if you had it? > > I think I'd copy it to comments in the corresponding A-R header field. > That > would make A-R stanzas more eloquent. > So this is ultimately for human consumption? Now I'm really confused. > Maybe you're using a different definition of "trust" than I am. To me, "I > > trust gmail.com" means "I believe mail signed by gmail.com is > legitimate", > > irrespective of how they might handle their mail. > > > > Put another way: I believe I would only reach the opinion that I "trust" > > mail from a domain when I already know the thing(s) your tag(s) would > tell > > me. > > "Trust" and "legitimacy" are abstract terms deeply rooted in human senses, > i.e. > hardly machine readable. For a more pragmatic definition of trust, "I > trust > gmail.com" would mean "I believe that header fields written by gmail.com > are > true to life (up to transient bugs)". In that sense, if they stated that > the > From: corresponds to the login Id, I'd believe it. > I think you're agreeing with me, or I'm failing to see the difference. If you believe that header fields written by gmail.com are true to life, what more can these tags tell you? > Hey, what if gmail used different selectors for newcomers? > What would you do with that information? Or given your answer above, what would one of your users do with that information? -MSK
_______________________________________________ Ietf-dkim mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-dkim
