Murray S. Kucherawy wrote:
>> -----Original Message-----
>> From: MH Michael Hammer (5304) [mailto:[email protected]]
>>
>>>> But creating a sub-domain, means that the from needs to match too,
>>> Why? That's an ADSP thing, not a DKIM thing.
>>
>> I think his goal is to have it be a 1st party signature (From and d=
>> match) even absent an ADSP assertion. I'm not sure I agree that this is
>> just "an ADSP thing, not a DKIM thing". We don't publish ADSP yet I have
>> had receivers tell me that our doing this is useful to them.
>
> In that case, it's neither. DKIM doesn't make a binding between
> "d=" and anything else in the message (except "i=", sort-of).

Sort of? The difference is INVALID_SIGNATURE and thus NO_SIGNATURE results.

> Anyone that tries to make a distinction between first party and
> not first party is doing something outside the scope of DKIM.

Until ADSP is no longer a chartered item or the chair is arm twisted to officially shut down the IETF WG Policy standardization efforts, it is still in scope to make that distinction.

Let's not forget about the threat analysis RFC that warns us about anonymous and unauthorized mail signing streams and how policy is one solution to this security problem.

Even without Policy in the form of ADSP, when it is in the form of Trust it is also a POLICY concept. When you begin adding "independent trust assessment service" into DKIM scope and spec, this inherently introduces first vs third party distinctions.

> A message stream, in the context of DKIM, should be evaluated
> based on the "d=" value, and nothing else.

We know this is the intent - trust the signer, trust the signer, trust the signer, and if you trust the signer, nothing else matters. But the unfortunate fact is that, no matter how many times this mantra is rammed in, it still remains a very difficult concept to sell, or to prove that it is the only workable thing in town for evaluation.

The basic problem is a high potential for lack of consistent high quality outputs. It is hard for any process in the world to get high quality output without having an impurities filtering component.

--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
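
Added example, not part of the original thread and not code from any DKIM implementation: a Python sketch of the distinction argued over above, labelling a signature first-party when the From domain equals "d=" and invalid when the "i=" domain is not the "d=" domain or a subdomain of it (the constraint RFC 4871 places on "i="). The function names, result labels and trimmed sample headers are constructed for illustration, and no cryptographic verification is performed.

```python
from email.utils import parseaddr

def parse_tags(sig_value):
    """Split a DKIM-Signature header value into a {tag: value} dict."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            name, _, value = part.partition("=")
            # Folding whitespace inside a tag value is not significant here.
            tags[name.strip()] = "".join(value.split())
    return tags

def domain_of(address):
    """Lower-cased domain of 'user@example.com' or '@example.com'."""
    return address.rpartition("@")[2].lower().rstrip(".")

def classify(from_header, sig_value):
    """Return 'invalid', 'first-party' or 'third-party' (labels are this example's)."""
    tags = parse_tags(sig_value)
    d = tags.get("d", "").lower().rstrip(".")
    if not d:
        return "invalid"
    # An absent i= defaults to "@" followed by the d= domain.
    i_domain = domain_of(tags.get("i", "@" + d))
    # i= must sit at or below d=; otherwise the signature cannot be used.
    if i_domain != d and not i_domain.endswith("." + d):
        return "invalid"
    author_domain = domain_of(parseaddr(from_header)[1])
    return "first-party" if author_domain == d else "third-party"

# Constructed sample data: one author address, four trimmed signature values.
FROM = "Alice <alice@news.example.com>"
SAMPLES = {
    "same domain": "v=1; d=news.example.com; s=sel; i=@news.example.com",
    "parent signs": "v=1; d=example.com; s=sel; i=alice@news.example.com",
    "i= above d=": "v=1; d=news.example.com; s=sel; i=@example.com",
    "other signer": "v=1; d=esp.example.net; s=sel",
}

if __name__ == "__main__":
    for label, sig in SAMPLES.items():
        print(f"{label:13} -> {classify(FROM, sig)}")
```

The "parent signs" case is the sub-domain situation from the quoted exchange: the signature is usable, but with From at news.example.com and d=example.com it does not count as first-party under an exact-match rule.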
