Wietse Venema wrote:
> Mark Delany:
>> My problem is that if some valuable domain like paypal sends me a
>> bunch of bits that I or my MUA or my MTA ties to paypal.com then the
>> end goal of DKIM is, IMO, that those bunch of bits I "see" are the
>> ones that paypal sent. No more, no less.
>
> But the user does not see a bunch of bits. The user sees the combined
> result of software layers that render those bits. DKIM has no
> control over that rendering process.

Well, not widely yet, but you do have Gmail and Yahoo Online MUA show info regarding valid signatures. That is a DKIM controlled input bit. We are almost ready to begin similar MUA changes as well starting with our Online MUA. But before we do that, we need to get a 100% clear indication of the expectations. Right now, it seems to be a low key item.

> DKIM can only guarantee that "what you RECEIVED is what I signed".
> To get "what you SEE is what I signed" semantics, one could do the
> following:
>
> [SNIP]

[SNIP]

I see you have a funny bone in you. :)

--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html