Would it be better to change the o= values to be words instead of
single letters? I find the letters to not be very mnemonic and I
don't think we are that short on space.
That is why I used real words for META Signatures policies that go as
Do you have any suggestions for terms? I've seen these floating around for
the last 3-4 months:
NONE (no policy )
o=? WEAK (signature optional, no third party, see )
o=~ NEUTRAL (signature optional, 3rd party allowed)
o=- STRONG (signature required, 3rd party allowed)
o=! EXCLUSIVE (signature required, no 3rd party)
o=. NEVER (no mail expected)
[1] a NONE policy is possible where there is no declaration for an SSP.
 Arvel suggested another policy called WEAK which satisfies a
signature optional but not allowing 3rd party signers.
It's quite clear from above that one policy would be better represented
as separate components:
1. Signature required/optional:
2. 3rd parties allowed/not
(Or if you like o=STRONG/3PS | o=NEUTRAL/NO3PS | o=USER/USER)
I think there are legitimate cases when one may want to specify 3PS
as DENY for entire domain and not allow user policy to change.
Opposite cases can also exist, when one knows that all email from
domain would be signed but if 3ps signature is allowed or not is
dependent on particular user.
But personally I think this entire system with 3PS is broken [by design]
and the right thing to do is to work on such a system that original
signature would survive in 99% of the cases, which I think is quite
possible [Note: I see 99% as acceptable rather than MS's 80% rule]
P.S. Hasn't anyone working on DKIM ever heard of database design and normal
forms? Most people who work on IETF protocols know how to properly separate
elements (especially those doing XML protocol work) and create flexible
protocols, but DKIM seems an exception to the rule...
ietf-dkim mailing list