On 5/22/2011 10:27 AM, John R. Levine wrote:
>>> through a separate, value-added mechanism. My own preference would be for using
>>> a special header-field that contains the cert, with the specification of using
>>> such certs as saying that they are enabled when included in the set of h=
>>> covered header fields.
>
> I don't see how this is functionally different from VBR. In both cases the
> signer asserts that the message is certified by foo.

Sorry, no. VBR queries are about an actor, not a message. Certs can be coupled to a particular message -- this was an interesting semantic distinction about Goodmail's certification scheme -- although I believe that typically they, too, are only scoped to the actor, not the specific content.

Mechanically, there are useful distinctions between in-band carriage of third-party information -- that is, carried with the message -- versus independent query, such as to the DNS. The distinctions variously can entail benefits, costs or limitations.

> It occurs to me that since mail certification is likely to make assertions about
> behavior as well as identity, the SSL model in which certs last for a year
> won't

I believe most certification work is actually about behavior, except when the identity-related certification couples one identifier to another (or, more familiarly, one identifier to an identity.)

d/

ps. none of this has anything to do with the current DKIM wg tasks, of course...

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
