John R Levine wrote:
DKIM lets anyone sign any message, with no necessary connection between
the signing domain and the domain in any other header such as From: or
Sender:. By third-party signatures we mean signatures that don't match
the From: or don't match the Sender:, or don't match something else.
The definition in the current SSP draft is that a third-party signature
is a signature that doesn't match the From:. There is no reference to
Sender: or "something else".
The semantics as well as definition of third party signatures are, to put
it mildly, somewhat unclear. Some thought or actual experiments with such
signatures could be helpful.
I have done a lot of thinking about this; other thought or experiments
welcome. Given that SSP is the next document up for discussion in the
DKIM WG, I think this has progressed beyond "research", and I don't
think it's a good idea to fragment discussion between this mailing list
and that one.
-Jim
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg