On October 14, 2005 at 14:28, Barry Leiba wrote: > The DKIM working group will produce standards-track specifications > that allow a domain to take responsibility, using digital signatures, > for having taken part in the transmission of an email message and to > publish "policy" information about how it applies those signatures. > Taken together, these will allow receiving domains to detect (or rule > out) spoofing in many circumstances.
I think there is a mixture of two things in the above: claiming responsibility and anti-spoofing. Claiming responsibility can be a different operation from any anti-spoofing operation. There appears to be a leap-of-faith in stating, "receiving domains to detect (or rule out) spoofing in many circumstances." Especially the use of "many". It may be better to state: The DKIM working group will produce standards-track specifications that allow a domain to take responsibility, using digital signatures, for having taken part in the transmission of an email message and to publish "policy" information about how it applies those signatures. Taken together, these will assist receiving domains in detecting (or ruling out) certain forms of spoofing as it pertains to the signing domain. In sum, we should be careful in mentioning anything about anti-spoofing unless anti-spoofing is a major goal. If it is, it may help to mention what forms of spoofing are to be addressed. The first sentence of the paragraph seems to imply that only hop-based spoofing will be addressed. --ewh _______________________________________________ ietf-dkim mailing list http://dkim.org
