----- Original Message -----
From: "Douglas Otis" <[EMAIL PROTECTED]>
To: "Hector Santos" <[EMAIL PROTECTED]>
Cc: <[email protected]>
Sent: Thursday, July 27, 2006 11:28 PM
Subject: Re: [ietf-dkim] requirements
> The draft uses the term domain without referencing which domain. It
> is not clear whether domain refers to signing domain or the OA.
> For example, the draft makes an odd statement:
> ,---
> | The only case for reliability is when the DKIM
> | signature is verified. However, even then, this
> | valid signature may be done on a domain which
> | did not authorize this signing process.
> '--

I think I'll rephrase it. Thanks.

In short, it implies DKIM-BASE is based on a "Good Citizen" model where every "i is dotted" and every "t is crossed." But it lacks security provisions for protecting against the most obvious of all DKIM failures, in this case as it relates to the above statement: unauthorized signings.

DSAP (DKIM Signature Authorization Protocol) is about securing the DKIM-BASE signing practice of the responsible domain.

---
HLS

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
