On Wed, Oct 19, 2005 at 10:21:54AM -0400, Barry Leiba allegedly wrote: > I argue that "sensitive transactions" are not what DKIM is about. If > one wants to protect sensitive transactions, one should use S/MIME or > OpenPGP.
I'm not sure what term to use - "sensitive" seems insufficient - but clearly there is a class of email that DKIM is well suited to protecting. Bank statements, utility bills, auction notifications, are not amenable to S/MIME but are so to DKIM. We need a term for these, er, invariant-important mails. > That said, I wouldn't object to an additional, strict signing policy > that lists headers and asserts that they must match. I think it'd be > rather nice to say, "Only consider a message validly signed by us if > the signature verifies AND ALL of the following SMTP and header fields > represent our domain: HELO, MAIL-FROM, From, Sender, Reply-To [...]." > > What do others think of this? If a signer has to opt-in headers, the problem is that they don't necessarily know all headers significant to a recipient or their MUA. To be safe, a signer needs to be able to exclude any additions. Mark. _______________________________________________ ietf-dkim mailing list http://dkim.org
