On Feb 13, 2009, at 1:56 PM, Dave CROCKER wrote:

> You left out a key, alternative consideration, for ADSP, that it
> should be changed to use d=, rather than i=. With a clarification
> of the roles of d= and i=, as DKIM signature output, relying on i=
> by ADSP can reasonably be subject to re-evaluation. Was your
> omission intentional?

May I add--

Changing ADSP to use d= rather than i= restores single signature compatibility with RFC 4871. :^)

Asserting by errata or some related document that valid and token namespace that overlap within the same message is a violation of RFC 4871, would also establish the relationship intended by ADSP without also mandating email-address affirmation.

Whether the i= namespace represents a valid address could be deduced by discovering that the i= value matches with an email-address within a signed header field.

Having an i= relationship with valid email-addresses conditioned upon the existence of some DNS record makes processing clumsy, and removes non-repudiation.

-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
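Added example, not part of the original message or of any DKIM implementation: one way to run the check described above, reporting the d= and i= values of an already-verified signature and which signed header fields (h=) carry an address equal to i=. The names `parse_tags` and `identity_check` and all sample data are constructed for illustration.

```python
import re
from email.utils import getaddresses

# Constructed sample data (not from the thread); bh=/b= are placeholders.
SAMPLE_HEADERS = {
    "from": "Alice Example <alice@example.com>",
    "to": "bob@example.org",
}
SAMPLE_SIG = ("v=1; a=rsa-sha256; d=example.com; s=sel1; i=alice@example.com; "
              "h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER")


def parse_tags(sig):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in sig.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)  # drop folding whitespace
    return tags


def identity_check(sig, headers):
    """Report d=, i=, and which signed header fields carry the i= address.

    Assumes the signature already verified; headers maps lowercase field
    names to values. dkim-quoted-printable in i= is not decoded here.
    """
    tags = parse_tags(sig)
    d = tags["d"].lower()
    i = tags.get("i", "@" + d)  # RFC 4871 default: empty local-part at d=
    local, _, i_domain = i.rpartition("@")
    i_domain = i_domain.lower()
    # RFC 4871 requires the i= domain to be d= or a subdomain of d=.
    in_scope = i_domain == d or i_domain.endswith("." + d)
    signed = [h.strip().lower() for h in tags.get("h", "").split(":")]
    matched = []
    for name in signed:
        for _, addr in getaddresses([headers.get(name, "")]):
            a_local, _, a_domain = addr.rpartition("@")
            if local and a_local == local and a_domain.lower() == i_domain:
                matched.append(name)
    return {"d": d, "i": i, "in_scope": in_scope, "matched_fields": matched}


if __name__ == "__main__":
    print(identity_check(SAMPLE_SIG, SAMPLE_HEADERS))
```

An empty `matched_fields` means i= is only a token within the d= namespace for this message; a non-empty list means it coincides with an address the signature actually covers.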
