Arvel Hathcock wrote:
> Well, I reviewed the archives for the period during which i= was added
> and could not find discussion of it. So I'm glad to hear you've done
> a more thorough review. This means that you can point me to the
> archives of the working group consideration of the issue?
I wouldn't waste any more time chasing this. Even if no such archive
exists, what is that but evidence that this issue is idiosyncratic or
has been deemed utterly unremarkable?
A lack of working group discussion is evidence of a lack of working group
awareness and most certainly a lack of explicit working group consensus.
The use of SSP for signed messages creates a series of functional interactions
that SSP's use on unsigned messages does not.
For a security protocol to skip analysis of interaction effects -- heck, for
any protocol function to do this -- seems a tad unusual, particularly when it
seeks to modify an existing critical infrastructure service.
The notion that "DKIM-Base is for signed mail while DKIM-SSP is for
unsigned (only)" has never been thinking in accord with any draft of SSP
which I remember reading or implementing. And it's clearly out of step
with where we are today.
Note that <http://www.imc.org/ietf-mailsig/mail-archive/msg02252.html> refers
to unsigned messages and not signed messages that do not match the From field.
NOTE WELL: This list operates according to