At the time DKIM base was designed and standardized, we wanted it to be a domain-level signature for a number of reasons, including privacy concerns. We also wanted to make it easy for domains to delegate signing authority to outside parties that might send newsletters and perform other outsourced services on behalf of the domain.
Delegating a key to an outside party that gives them the ability to sign any mail from the domain requires a great deal of trust. In order to lower the trust requirement to a level where key delegation might more readily happen, the g= tag in the keys was provided to allow a key to be delegated where the signing address could not be any address in the domain, but only those whose local-part matches the g= tag. The i= tag in the signature specifies what the signing address is; there is not a requirement that the signing address match any other address in the header. The only time that a local-part is required in the i= address is when the g= tag in the key being used restricts the signing address from being anything in the domain. Under all other circumstances, the local-part of i= MAY be supplied, or not, at the discretion of the signer. In that way, DKIM remains a domain-level signature except when needed to facilitate delegation.

SSP attempts to match the signing address against the address in the From: header field in order to determine whether a given signature is an Originator Signature (that it represents the author of the message). In the great majority of cases, the local-part of i= will not be present, and this comparison will be based on domain name only.

If the local-part of the From address isn't compared when there is a local-part of i=, a serious exploit is possible. Suppose a party to whom signing authority for a specific address, e.g., [EMAIL PROTECTED], has been delegated signs messages allegedly from other addresses in the domain for which they are not authorized. While they could create a valid signature using [EMAIL PROTECTED], this should not be accepted by verifiers as an Originator Signature, any more than a signature from a completely different domain. Without the local-part comparison, this would be accepted as an Originator Signature, counter to the domain owner's intent to delegate the key for a narrower use.
If the intent is to enhance user anonymity, the local-part of i= should be left blank, so that it will match any local-part in the domain, and not populated with other tokens or identifiers. If the signer is interested in additional tracking information, either the t= timestamp can be used or a private tag can be added, since an unrecognized tag MUST be ignored by the verifier.

-Jim

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
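The comparison the message argues for, as an added example that is not part of Jim's post or of any DKIM implementation: the key's g= restriction is checked against the i= local-part first, then i= is compared with From: on domain only when i= has no local-part, and on local-part as well when it does. Function names are mine, and the g= wildcard handling is a simplified reading of RFC 4871 (a single '*' wildcard, domains compared case-insensitively, subdomain relationships between i= and From: not handled).

```python
from typing import Optional, Tuple


def _split(addr: str) -> Tuple[str, str]:
    """'local@domain' -> (local, domain); '@domain' -> ('', domain)."""
    local, sep, domain = addr.rpartition("@")
    if not sep or not domain:
        raise ValueError(f"not an address: {addr!r}")
    return local, domain.lower()


def g_permits(g: Optional[str], i_local: str) -> bool:
    """Does the selector's g= tag allow a signature whose i= local-part is i_local?
    No g= (or g=*): any i=, with or without a local-part.  Empty g=: nothing.
    Any other g=: i= must carry a local-part matching it (one '*' wildcard).
    Assumption: simplified reading of RFC 4871 section 3.6.1."""
    if g is None or g == "*":
        return True
    if g == "" or i_local == "":
        return False
    head, star, tail = g.partition("*")
    if not star:
        return i_local == g
    return (len(i_local) >= len(head) + len(tail)
            and i_local.startswith(head) and i_local.endswith(tail))


def naive_originator_check(from_addr: str, i_value: str) -> bool:
    """The domain-only comparison the post warns about: local-parts are ignored."""
    return _split(from_addr)[1] == _split(i_value)[1]


def is_originator_signature(from_addr: str, i_value: str,
                            g: Optional[str] = None) -> Tuple[bool, str]:
    """Decide whether a valid signature with this i= vouches for From: from_addr."""
    i_local, i_domain = _split(i_value)
    from_local, from_domain = _split(from_addr)
    if not g_permits(g, i_local):
        return False, "i= is outside the range the key's g= tag delegates"
    if i_domain != from_domain:
        return False, "i= domain differs from the From: domain"
    if i_local and i_local != from_local:
        return False, "i= names a different local-part than From:"
    return True, "originator signature"


if __name__ == "__main__":
    # Constructed scenario from the post: a key delegated with g=newsletter is
    # used to sign a message claiming to come from another address in the domain.
    print(naive_originator_check("ceo@example.com", "newsletter@example.com"))  # True
    print(is_originator_signature("ceo@example.com", "newsletter@example.com",
                                  "newsletter"))  # (False, 'i= names a different local-part than From:')
```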
