On 8/30/2023 1:21 AM, Alessandro Vesely wrote:
> On Wed 30/Aug/2023 07:35:08 +0200 Murray S. Kucherawy wrote:
>> On Tue, Aug 29, 2023 at 8:11 PM Dave Crocker <d...@dcrocker.net> wrote:
>>> On 8/29/2023 7:46 PM, Grant Taylor wrote:
>>>> On 8/29/23 9:02 PM, Dave Crocker wrote:
>>>> Why not re-use the existing DKIM solution, just with a different
>>>> domain / set of keys?
>>>
>>> Because it does not provide the affirmative information that I am
>>> postulating/guessing the originating platform can supply.
>>
>> I have to agree. It's compelling to consider that a high-trust
>> domain might flag something for my extra consideration. This could
>> be done per-message, rather than per-key, which was Grant's
>> counterproposal; the equivalent is to generate a selector per
>> message, which appears at least on the surface to suffer problems of
>> scale.
>
> The affirmative information can be provided by using semantic
> subdomain names, whose purpose and meaning has been registered. See
> the strawman here:
> https://mailarchive.ietf.org/arch/msg/ietf-dkim/ez0PYqMdCDoR4-sN2toPGObMMFI

Except that there are no semantics to the domain naming components in
DKIM, beyond the ones already defined.

Whatever naming choices a signer might make, the validator has no access
to their meaning.

It's a bit like the www convention for domain naming. Humans associate
an intention to it, but computers don't.

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
mast:@dcrocker@mastodon.social
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim