Stephen Farrell wrote: > But if the delegator delegated its private key, or if the signer > supplied its public key to the delegator, then the buck might get > moved between them (from their, and not the verifier, perspective), > depending on the details of how the key delegation happened. > > For example, if there is >1 copy of the private key, then, in > buck passing terms, we just don't know which signer signed.
The buck stops with the d= string. How that string is administered is not a matter for public analysis. You appear to be introducing an expectation that a validator is supposed to be able to know exactly which entity, within the ADMD of the signing domain, actually performed the signing action. Since that is not something DKIM is designed to provide, per se, where does this expectation come from? d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
