ietf-dkim

Re: [ietf-dkim] SSP additional tag?

2006-08-02 11:45:22

Some people unfortunately never introduced a tag (present, for example, in IIM)
specifying which server actually adds the DKIM signature. This makes it
impossible to extend in the way you proposed, as the receiver would not know
the server/network responsible for adding a particular signature when email
is actually being proposed.  As far as what you proposed about SPF, I
would advise against it due to different identities being involved at
DKIM and SPF, and mixing it up is a security hole that may only become
apparent a long time in the future.

On Wed, 2 Aug 2006, Damon wrote:

I know that I am writing this at great risk of being flamed but the more I
think about it the better it sounds to me.
I believe that it will help with the "I sign some mail" and "I sign no mail"
issues.

What about using an additional tag to specify where I always sign mail from.

Such as "I always sign mail from servers on my SPF record or CIDR(s)"

_domainkey DNS TXT record adding the additional tag (w):

example._domainkey.example.com. IN TXT "g=; w=spf or (<cidr>[,<cidr>,...]); k=rsa; p=<key>"


This way, domains can junk "I sign some mail" can specify that "I always
sign based on my (w) tag"



Flame away!

Regards,
Damon Sauer
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
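
A sketch of how a receiver might evaluate the proposed w= tag, added here as an illustration; it is not part of either message or of any DKIM specification. The function names, the verdict strings, the sample record and the use of the SMTP client IP as a stand-in for the signing server are all assumptions.

```python
import ipaddress

# Constructed sample record in the shape proposed above (documentation ranges).
SAMPLE = "g=; w=192.0.2.0/24,2001:db8::/32; k=rsa; p=PLACEHOLDER"

def parse_tags(txt):
    """Split a DKIM-style tag list ("a=b; c=d") into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = value.strip()
    return tags

def evaluate_w(txt, client_ip, has_valid_signature):
    """Return a hypothetical verdict for one message.

    client_ip is the address of the last SMTP hop. The receiver has no
    field naming the server that signed, so this is only a proxy: mail
    relayed through a forwarder arrives from the forwarder's address.
    """
    w = parse_tags(txt).get("w")
    if not w:
        return "no-claim"            # record makes no "always signed" claim
    if w.lower() == "spf":
        # Would tie the DKIM signing identity to the SPF (envelope)
        # identity; left unevaluated here.
        return "defer-to-spf"
    ip = ipaddress.ip_address(client_ip)
    nets = [ipaddress.ip_network(c.strip(), strict=False)
            for c in w.split(",") if c.strip()]
    in_range = any(ip.version == n.version and ip in n for n in nets)
    if not in_range:
        return "outside-claim"       # the tag says nothing about this hop
    return "consistent" if has_valid_signature else "signature-expected"

if __name__ == "__main__":
    for ip, signed in [("192.0.2.10", False), ("192.0.2.10", True),
                       ("198.51.100.7", False), ("2001:db8::1", False)]:
        print(ip, signed, evaluate_w(SAMPLE, ip, signed))
```

The "outside-claim" result is where the objection in the reply shows up: the verdict depends on which hop delivered the message, not on which server signed it.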
