Dear Tony,
Use of DKIM offers a very poor authentication example, since this draft makes the same errors made in RFC5863. It is wrong to suggest the DKIM protocol permits associating a validated identifier to a message as stated in the Introduction. This is the same erroneous conflation of a message fragment with that of a message. In most cases, DKIM does not adequately protect message integrity as explained in http://tools.ietf.org/html/draft-otis-dkim-harmful-03. In addition, DKIM can not authenticate who is accountable for having sent the message which makes it impossible to safely assign reputation. As such, DKIM should never be referred to as a message authentication protocol. StartTLS would represent a much better example.
Regards, Douglas Otis |