william(at)elan.net wrote: > > On Thu, 26 Jan 2006, Mark Delany wrote: > >> Right. So the question is, can a signature be constructed such that it >> doesn't interact with SSP to infer a binding above and beyond "I claim >> it passed through me"? > > Make 'i' optional. 'i' is optional, but takes the value @d if it is missing. > > My preference however is to have field in signature that specifies > what type of email parameter the signature is associated with (i.e. > see 'id' segment of metasignatures). If we know this, presumably one could tell, for example, whether a signature came from a mailing list. But it's the signer's assertion what their role is: one might imagine setting up a rule, "I'll accept any messages re-signed by mailing lists." So the Bad Actors will just start adding a few more headers, and all of a sudden you're getting lots of mail from the [EMAIL PROTECTED] mailing list, with messages from "people" talking about what great deals they got.
Since there's no way to know what the role of the signer really is, it's not a useful piece of information. What is useful is who the signer is, and then the verifier or recipient might recognize it: Oh, it's signed by mipassoc.org, which gives the responsible address as [EMAIL PROTECTED] I know that's a mailing list. -Jim _______________________________________________ ietf-dkim mailing list http://dkim.org
