On Feb 22, 2006, at 11:42 AM, SM wrote:
At 09:52 22-02-2006, Douglas Otis wrote:
While the signing-domain can take effective actions, please
attempt to list the actions the email-address domain owner may take?
The owner is responsible for the signing policy and may wish to
determine the impact of the policy.
Could you describe how this would work, and what would be reported?
Hand waving does not help.
Consider the effect of only having report vectors referenced from
the email-address domain, rather than the signing-domain who is
able to take effective action to correct a full range of problems
that might be reported.
This discussion seems to be about "Should we have an r= tag in
either the signature or key record"
The 'r=' tag does no belong in the signing policy record, as this
will only invite abuse. However there is not enough space within the
key as it is now. Adding a report vector to the key would only make
this problem worse. As these are public email-addresses in the
signing policy records, there would be few advantages over simply
having a convention such as dkim-postmaster(_at_)(_dot_) If the key used a
different RR record type from a RR that stored the report vector at
the same location as the key, then there would be an advantage.
Unless someone received a message from the domain, they would not
know where to look for the report vector. : )
A report vector acquired from the signing-domain would concern
_only_ messages they have signed, and not messages that happen to
contain an email-address within their domain.
Are you talking about reporting DKIM signatures that cannot be
verified? If so, I don't see how you can trust the report vector
acquired from the signing-domain.
If the key selector located the report vector, this could be one
reason to trust the message over that of just some anonymous message
with a bad signature.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html