ietf-dkim

RE: [ietf-dkim] A few SSP axioms

2006-08-01 20:24:27
If I understand this right, a local domain that relays thru my 3rd party
MTA may have its own signing policy. I then sign as 3rd party, an ssp
lookup on example.com sees the third party only policy and also a
foo.example.com shows a relaxed signing policy. Both sigs decrypt as
valid. That is a good receiver policy indicator.
Thanks,


Bill Oxley 
Messaging Engineer 
Cox Communications, Inc. 
Alpharetta GA 
404-847-6397 
bill(_dot_)oxley(_at_)cox(_dot_)com 


-----Original Message-----
From: Hector Santos [mailto:hsantos(_at_)santronics(_dot_)com] 
Sent: Tuesday, August 01, 2006 10:48 PM
To: Oxley, Bill (CCI-Atlanta); ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] A few SSP axioms


----- Original Message -----
From: <Bill(_dot_)Oxley(_at_)cox(_dot_)com>


All,

As an ISP there are 2 things I will require to implement SSP or another
DKIM policy methodology

A. I only sign 3rd party

B. I sign exclusively; any other sigs make mine broken

There can be other policies but I require those two and am
wondering why there seems to be a tremendous pushback on this.

+1.

I do have these points though:

For the "A. I only sign 3rd party" policy:

In the SSP draft, there are no semantics for this type of 3rd party policy.

The DSAP draft provides all policy types, including this one:

    OP=NEVER; 3P=ALWAYS

However, and this probably needs you to confirm what you mean depending if
your ISP business is hosting local domains, are you going to allow other
locally hosted domains signed mail as well?

If so, then it would seem to me that your operations policy will dictate
that your hosted local domains would have to define an OP=ALWAYS policy
with their own DSAP record.

For example, you are hosting ABC.COM for us, based on your operation always
signing outbound mail, if I wanted to always sign mail with Doug's new
MUA DKIM plug-ins, then I would have to create (or you create) a DSAP
policy of:

     OP=ALWAYS; 3P=ALWAYS;

But in general, because you always sign the outbound mail regardless of the
hosted domain policy, you would have to instruct/setup your customers to
have one of the following:

     OP=NEVER; 3P=ALWAYS;
     OP=ALWAYS; 3P=ALWAYS;
     OP=OPTIONAL; 3P=ALWAYS;

The DKIM-DSAP verifier will honor all these conditions.

Make sense?

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
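
The policy combinations discussed in this thread, as an added example that is not part of either message or of the DSAP draft: a small parser for the `OP=...; 3P=...` notation and a receiver-side consistency check. The meanings given to ALWAYS, NEVER and OPTIONAL, the exact-match rule for the author domain, and the domains `abc.example` and `isp.example` are assumptions made for illustration.

```python
# Added illustration. Tag semantics are assumed, not quoted from the DSAP draft:
# ALWAYS = a verified signature of that kind must be present, NEVER = must be
# absent, OPTIONAL = either is acceptable.
VALUES = {"ALWAYS", "NEVER", "OPTIONAL"}

def parse_dsap(record):
    """Parse 'OP=NEVER; 3P=ALWAYS;' into {'OP': 'NEVER', '3P': 'ALWAYS'}."""
    policy = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate the trailing ';' used in the thread
        tag, sep, value = part.partition("=")
        tag, value = tag.strip().upper(), value.strip().upper()
        if not sep or tag not in ("OP", "3P") or value not in VALUES:
            raise ValueError(f"bad DSAP tag: {part!r}")
        if tag in policy:
            raise ValueError(f"duplicate tag: {tag}")
        policy[tag] = value
    if set(policy) != {"OP", "3P"}:
        raise ValueError("record must carry both OP and 3P")
    return policy

def check(policy, from_domain, valid_signers):
    """Return (ok, reasons); valid_signers holds d= domains whose signatures verified."""
    author = from_domain.lower().rstrip(".")
    signers = {d.lower().rstrip(".") for d in valid_signers}
    # Assumption: only an exact match with the From domain counts as original party.
    present = {"OP": author in signers, "3P": bool(signers - {author})}
    reasons = []
    for tag, seen in present.items():
        if policy[tag] == "ALWAYS" and not seen:
            reasons.append(f"{tag}=ALWAYS but no such signature verified")
        elif policy[tag] == "NEVER" and seen:
            reasons.append(f"{tag}=NEVER but such a signature is present")
    return (not reasons, reasons)

def demo():
    """Constructed scenario: isp.example hosts abc.example and signs all outbound mail."""
    out = {}
    for rec in ("OP=NEVER; 3P=ALWAYS;", "OP=ALWAYS; 3P=ALWAYS;", "OP=OPTIONAL; 3P=ALWAYS;"):
        p = parse_dsap(rec)
        isp_only = check(p, "abc.example", ["isp.example"])[0]
        both = check(p, "abc.example", ["abc.example", "isp.example"])[0]
        out[rec] = (isp_only, both)
    return out

if __name__ == "__main__":
    for rec, result in demo().items():
        print(rec, result)
```

Each tuple is (ISP signature only, customer and ISP signatures); a message carrying no ISP signature fails all three records because each sets 3P=ALWAYS.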






_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html