On Thursday 27 July 2006 15:13, Dave Crocker wrote:
Scott Kitterman wrote:
As we think through the definition of minimum, I think it important that
we consider the class of domains that are not supported by one or more
dedicated mail servers. ...
Is the concept of operations that these servers should sign using the
provider's key (so all signatures for the domain are 3rd party) or that
the provider should manage multiple keys to support per domain keys and
sign the messages first party for the domain?
Why should it matter whether the host is shared, or not? The question of
whether to have the provider do the signer or whether to have a content
agent (rfc2822.From or rfc2822.Sender) strikes me as important generally,
not just when the provider has more than one user domain sending from the
If I send mail through the mail server of isp.example.com and they sign with
my key, it matters a GREAT deal to me if they also sign other people using my
name with my key. This may be largely an operational question, but the
protocols have to support getting a reliable answer to it.
You are correct that there are some broader questions buried in here, but the
shared server scenario is probably the most complex common use case and I
think it important that we support it.
The essential question is whose reputation (accreditation, certification,
etc.) is to be used. It might well be that there should be a signature by
EACH of the relevant domains, in order to call on reputation information
both for the author as well as for the originating provider.
No. The question for this policy discussion is who's policy gets used, how is
it interpreted and finally ... lets make sure that messages don't get
attributed to the wrong domain for reputation, etc. purposes.
NOTE WELL: This list operates according to