On Mar 27, 2009, at 8:04 AM, Tony Hansen wrote:

> Siegel, Ellen wrote:
>> Sorry for top-posting, but couldn't we sidestep all of the analysis
>> by simply saying that the *syntax* (rather than the *semantics*)
>> matches that of domain names?
>
> When all is said and done, it's the combination of the "selector
> +_domainkey + SDID" that must be a valid domain name whose TXT
> records can be accessed using DNS. This is the *only* name out of
> all of these that MUST be in the DNS.

A valid DKIM signature confirms the signing agent is controlled by the domain indicated in SDID. A valid signature also establishes an authority to assert UAID values that must reside at or under the domain. (A valid DKIM signature verifies the UAID assertion by the SDID.) When UAID values do not match against email-addresses within signed header fields, portions of the UAID namespace below the SDID may not represent a valid email destination. However, the UAID value always represents an SDID identifier for on whose behalf their signature was added.

The SDID value could be seen as analogous to a State issuing a driver's license. A valid signature could be analogous to untampered laser-scribed laminate and seals. The License Number could be analogous to that of the UAID, where it might be replaced by a State email-address of the driver. Such replacement can be denoted by its use within signed header fields.

-Doug

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
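The two structural checks discussed in this message, as an added example that is not part of the original thread: building the "selector + _domainkey + SDID" query name and checking its domain-name syntax, then checking that the UAID (i=) domain is at or under the SDID (d=). The function names and the sample header are constructed for illustration; no DNS lookup or signature verification is performed.

```python
import re

# One DNS label: letters, digits, hyphens; a leading underscore is allowed
# so that "_domainkey" passes (an assumption of this sketch).
_LABEL = re.compile(r"^_?[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")

# Constructed sample DKIM-Signature value; bh= and b= are placeholders.
SAMPLE = ("v=1; a=rsa-sha256; d=example.com; s=mar2009;\r\n"
          " i=user@mail.example.com; h=from:to:subject; bh=AAAA; b=BBBB")


def parse_tags(header_value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())  # drop folding space
    return tags


def is_domain_name(name):
    """Syntax only: label form, 63-octet labels, 253-octet total length."""
    name = name.rstrip(".")
    return len(name) <= 253 and all(
        len(label) <= 63 and _LABEL.match(label) for label in name.split("."))


def key_query_name(tags):
    """Name whose TXT record holds the key: selector._domainkey.SDID."""
    name = f"{tags['s']}._domainkey.{tags['d']}"
    if not is_domain_name(name):
        raise ValueError(f"not a valid domain name: {name!r}")
    return name.lower()


def uaid_under_sdid(tags):
    """True when the i= domain equals the d= domain or is a subdomain of it."""
    sdid = tags["d"].lower()
    uaid = tags.get("i", "@" + sdid)  # RFC 4871 default when i= is absent
    domain = uaid.rpartition("@")[2].lower()
    # Compare on a label boundary so "notexample.com" does not match.
    return domain == sdid or domain.endswith("." + sdid)
```
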
