SSP outbound signing policy

Should there be an outbound signing policy that says "I sign SOME mail butthird-party signatures are not permitted." It seems like there should beand that it should be the RECOMMENDED default. To use Hector's terminology,a RELAXED policy would allow the kind of signature-verified spoofed Fromheader talked about elsewhere on this list. The purpose of RELAXED (as Iunderstand) is for people who aren't sure they have all the bases covered.Until they are, RELAXED is the way to go. But, presumably, even if youdon't know all your outbound signing servers, they would be within yourdomain structure (thus of the form <x>.domain.com) so RELAXED would be okand "no third-party signing allowed" would also be ok.


Maybe we should add another policy of:

o=?  WEAK (signature optional, no third party)

Hector's legend for reference:

o=~ NEUTRAL or RELAXED (signature optional [,No 3rd party?])
o=-  STRONG  (signature required, 3rd party allowed)
o=!  EXCLUSIVE (signature required, no 3rd party)
o=.  NEVER  (no mail expected)
o=^  USER

--
Arvel

<Prev in Thread]	Current Thread	[Next in Thread>
SSP outbound signing policy, Arvel Hathcock <= Re: SSP outbound signing policy, Hector Santos Re: SSP outbound signing policy, Earl Hood Re: SSP outbound signing policy, Arvel Hathcock Re: SSP outbound signing policy, Hector Santos Re: SSP outbound signing policy, Earl Hood Re: SSP outbound signing policy, Michael Thomas Re: SSP outbound signing policy, Earl Hood Re: SSP outbound signing policy, Michael Thomas Re: SSP outbound signing policy, Jim Fenton Re: SSP outbound signing policy, Jim Fenton

Previous by Date:	Re: The cost of choices, Arvel Hathcock
Next by Date:	Re: alternate key server mechanisms, Douglas Otis
Previous by Thread:	Spoofing revisited, Earl Hood
Next by Thread:	Re: SSP outbound signing policy, Hector Santos
Indexes:	[Date] [Thread] [Top] [All Lists]