ietf-mailsig

Restricted Third Party Signing Policy

2005-07-20 22:03:07

Jim Fenton wrote on: 21 July 2005 11:37 a.m.
1. What signatures are required?  None, third-party, or first-party
(From: address) only?


The current "o=-" policy specification allows signing by third parties
without restriction.  This appears to open the way for any person to send
properly signed messages without any authorisation to use the particular
RFC2822 "From:" address.  

DKIM does not assume or enforce a relationship between the signing entity
(specified by the "i=" flag in the signature field) and the message
originator (RFC2822 "From:" or "Sender:" field).  This is left to the policy
of the message originator.

It would therefore seem useful to be able to specify a policy that allowed
*SOME* third party signatures, but did not allow an arbitrary third party to
sign.  Neither of the "o=-" or "o=!" policies appears to permit this.

Is there a practical way to specify a third party signing policy that
restricted valid signatures to a subset of all possible third parties?

James
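
The gap raised in the message above, as an added example that is not part of the original post or of any DKIM draft text. It assumes "o=-" accepts any third-party signer (as the post states) and "o=!" accepts a first-party signer only; the "allow-list" policy, the function names and all addresses are hypothetical.

```python
# Added example. Assumes the signature itself has already been verified
# cryptographically; only the signer-versus-From: policy decision is modelled.
from email.utils import parseaddr


def domain_of(address: str) -> str:
    """Lower-cased domain part of 'user@domain' or '@domain'."""
    return address.rpartition("@")[2].strip().lower()


def signer_acceptable(from_header, signer_identity, policy,
                      allowed_signers=frozenset()):
    """Decide whether a verified signature satisfies the From: domain's policy.

    signer_identity is the value of the signature's "i=" tag.
    """
    from_domain = domain_of(parseaddr(from_header)[1])
    signer_domain = domain_of(signer_identity)
    first_party = signer_domain == from_domain  # exact match, no subdomains
    if policy == "o=-":         # third parties accepted without restriction
        return True
    if policy == "o=!":         # assumption: first-party signatures only
        return first_party
    if policy == "allow-list":  # HYPOTHETICAL: not defined by the draft
        return first_party or signer_domain in allowed_signers
    raise ValueError(f"unknown policy {policy!r}")


# Constructed sample data: one From: address and three possible signers.
FROM = "James <james@example.org>"
SIGNERS = {
    "first party": "@example.org",
    "authorised list host": "@lists.example.net",
    "unrelated third party": "@bulk.example.com",
}
AUTHORISED = frozenset({"lists.example.net"})


def evaluate():
    """Return {policy: {signer label: accepted?}} for the sample data."""
    return {
        policy: {label: signer_acceptable(FROM, ident, policy, AUTHORISED)
                 for label, ident in SIGNERS.items()}
        for policy in ("o=-", "o=!", "allow-list")
    }


if __name__ == "__main__":
    for policy, results in evaluate().items():
        print(policy, results)
```

Only the hypothetical "allow-list" row accepts the authorised list host while rejecting the unrelated signer; "o=-" accepts both and "o=!" rejects both.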


