Yes, much better!
--
Arvel
----- Original Message -----
From: "Earl Hood" <earl(_at_)earlhood(_dot_)com>
To: <ietf-mailsig(_at_)imc(_dot_)org>
Sent: Wednesday, July 27, 2005 11:59 PM
Subject: Re: SSP - when to perform
On July 27, 2005 at 23:03, "Arvel Hathcock" wrote:
We need clearer text in the SSP draft siting when a check is required and
when it isn't.
Exactly.
Perhaps this language could clear it up some:
"Sender Signing Policy Checks MUST be based on the Originator Address and
are REQUIRED in the following situations:
a) all unsigned messages MUST perform a Sender Signing Policy Check
b) all signed messages in which there are no verifiable signatures MUST
perform a Sender Signing Policy Check
b) all signed messages which contain a verifiable signature in which the
domain of the signing entity is not the same as or a parent domain of the
Originator Address MUST perform a Sender Signing Policy Check
Good start, but since you state MUST and REQUIRED before the list,
no need to restate them again. How about:
A Sender Signing Policy Check based upon the Originator Address
MUST be performed on a messag if one of the following conditions
are met:
a) Message is unsigned.
b) Message is signed but fails signature verification.
b) Message contains a valid signature where the signing entity
domain is not the same as, or a parent of, the domain of the
Originator Address.
...
--ewh