Ian Eiloart wrote:
2) We should consider a 5617bis (ADSPbis) to codify its semantics
regarding Author Domain only signature policies to include a:
Always sign by *anyone* Policy.
Currently 5617 (ADSP) defines the two policies:
all All mail from the domain is signed with an Author
discardable All mail from the domain is signed with an Author
Many people felt we were missing the "Signed by Anyone" concept which
did not help "authorized" 3rd party signers or the list servers who
are going to be resigning. To compensate, many viewed ADSP=ALL to
mean it allowed any signer, not just the Author Domain as defined by
So, that would mean that anyone is allowed to spoof my 5322.From
address, provided that they sign the message, would it? I'm not sure I
could think of a useful application for that feature.
Perhaps "ADSP=anyof:example.com, example.org..." would make the system
more useful. Heck, one might even say "anyof:*", if one really wanted.
Perhaps, and this has been proposed in the 2006 DSAP I-D; Doug's has a
similar TPA (Third Party Authorization), and I recently tried to reawaken
the DSAP idea for ADSP as an extension called ASL (Allowable Signer List).
ADSP allows extension, so a DNS record like
DKIM=all; x-asl=mipassoc.org, gmail.com
would say that I sign all my mail, and allow those other domains to
However, this can potentially be high overhead/management for
large companies with many employees using different list servers. I
think it fits the millions-more marketplace of small to mid-size
domains or private domains that may outsource to one or more third-
party signers or use a few professional or trade support list forums.
If you think this is something to pursue, +1 it, because I am trying to
see if it's worth the effort to reintroduce it.
Hector Santos, CTO
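To make the proposed ASL semantics concrete, here is an added example (not code from the thread or from any ADSP implementation) that parses an ADSP record carrying the hypothetical x-asl tag and decides how a verifier would treat a message. The record syntax, the x-asl tag name and the "*" wildcard (Ian's "anyof:*") are assumptions taken from the proposals above; only dkim=unknown/all/discardable come from RFC 5617.

```python
# Added example: evaluating an ADSP record with the proposed x-asl
# (Allowable Signer List) extension. x-asl and "*" are assumptions
# from the thread, not part of RFC 5617.
from typing import Dict, List, Tuple

# RFC 5617 publishes the record as TXT at _adsp._domainkey.<author-domain>;
# the record text is passed in directly here so the example runs offline.


def parse_adsp(record: str) -> Dict[str, str]:
    """Split 'tag=value; tag=value' into a dict with lowercase tag names."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def allowed_signers(tags: Dict[str, str]) -> List[str]:
    """Comma-separated signer domains from the hypothetical x-asl tag."""
    return [d.strip().lower() for d in tags.get("x-asl", "").split(",") if d.strip()]


def evaluate(author_domain: str, valid_signers: List[str], record: str) -> Tuple[str, str]:
    """Return (result, reason) for a message whose 5322.From domain is
    author_domain and whose DKIM signatures verified with the given d= values."""
    author = author_domain.lower()
    signers = {d.lower() for d in valid_signers}
    tags = parse_adsp(record)
    policy = tags.get("dkim", "unknown").lower()
    if author in signers:
        return "pass", "Author Domain Signature present"
    asl = allowed_signers(tags)
    if "*" in asl and signers:                 # "signed by anyone" variant
        return "pass", "third-party signature; x-asl permits any signer"
    hits = sorted(signers & set(asl))
    if hits:
        return "pass", f"third-party signature by {hits[0]} listed in x-asl"
    if policy == "all":
        return "fail", "no Author Domain or allowed third-party signature"
    if policy == "discardable":
        return "discard", "policy discardable and no acceptable signature"
    return "none", "no ADSP assertion (dkim=unknown)"


if __name__ == "__main__":
    # Constructed sample: the record from the thread, a list-server resign.
    record = "DKIM=all; x-asl=mipassoc.org, gmail.com"
    print(evaluate("example.com", ["mipassoc.org"], record))
    print(evaluate("example.com", ["other.example"], record))
```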