?? delegation of signing capabilities
Disagree
This is actually a show-stopper must have for the ESTG group. Most of
the commercial participants in the group use outsourced email senders
for at least some marketing campaigns. Third party signature
capability is actually a differentiator against SPF.
Well, in that case I want to see some charter text which
stops us from defining a full-blown authorization
infrastructure. My intent was to stop us from defining such a
protocol to allow one to authorize delegation, but that
verifiers could of course recognize a delegation if they so
choose - it's just that the protocol which informs the
verifier about the delegation wouldn't be part of dkim.
OK this sounds more like saying we are not going to support the
provisioning protocols for delegation. I agree here.
What people do consider necessary is a policy tag on a key record that
specifies something like 'this key can only sign email from
marketing(_at_)example(_dot_)com' so that the bulk mailer hired to do a
promo can't then impersonate the CEO.
More generally I think that instead of enumerating what we won't do we
should enumerate what we will do explicitly and say we will not do
anything else.
Phill
_______________________________________________
ietf-dkim mailing list
http://dkim.org