ietf-dkim

Re: [ietf-dkim] Change the SSP o= to use words, break out 3rd party?

2005-11-08 00:07:45

Would it be better to change the o= values to be words instead of
single letters?  I find the letters to not be very mnemonic and I
don't think we are that short on space.

That is why I used real words for META Signatures policies that go as
SPF modifiers.

Do you have any suggestions for terms?  I've seen these floating around for
the last 3-4 months:

SSP Policies:

        NONE (no policy [1])
   o=?  WEAK (signature optional, no third party, see [2])
   o=~  NEUTRAL (signature optional, 3rd party allowed)
   o=-  STRONG  (signature required, 3rd party allowed)
   o=!  EXCLUSIVE (signature required, no 3rd party)
   o=.  NEVER  (no mail expected)
   o=^  USER

[1] a NONE policy is possible where there is no declaration for a SSP.

[2] Arvel suggested another policy called WEAK which satisfies a
signature optional but not allowing 3rd party signers.

It's quite clear from above that one policy would be better represented
as separate components:
 1. Signature required/optional:
   sig=MUST/SHOULD/NEVER/USER (sig=STRONG/NEUTRAL/NEVER)
 2. 3rd parties allowed/not
   3ps=ALLOW/DENY/USER

(Or if you like o=STRONG/3PS | o=NEUTRAL/NO3PS | o=USER/USER)

I think there are legitimate cases when one may want to specify 3PS
as DENY for entire domain and not allow user policy to change. Opposite cases can also exist, when one knows that all email from domain would be signed but if 3ps signature is allowed or not is dependent on particular user.

But personally I think this entire system with 3PS is broken [by design] and the right thing to do is to work on such a system that original
signature would survive in 99% of the cases, which I think is quite
possible [Note: I see 99% as acceptable rather than MS's 80% rule]

P.S. Hasn't anyone working on DKIM ever heard of database design and normal forms? Most people who work on IETF protocols know how to properly separate elements (especially those doing XML protocol work) and create flexible protocols, but DKIM seems an exception to the rule...

--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
_______________________________________________
ietf-dkim mailing list
http://dkim.org
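
An added illustration of the sig=/3ps= split proposed in the message above (not code from the list or from any DKIM draft): it decomposes each o= symbol into the two fields, lists the combinations a single symbol cannot express, and resolves USER fields against a per-user record. The MUST/SHOULD mapping, the 3ps value for NEVER, the default user record, the verdict names and the sample domains are assumptions.

```python
from itertools import product

# o= symbols from the list in the message, decomposed into (sig, 3ps).
# MUST/SHOULD for "required"/"optional" follows the sig= proposal; the
# 3ps value for NEVER is an assumption (the message does not give one).
O_TO_FIELDS = {
    "?": ("SHOULD", "DENY"),   # WEAK
    "~": ("SHOULD", "ALLOW"),  # NEUTRAL
    "-": ("MUST", "ALLOW"),    # STRONG
    "!": ("MUST", "DENY"),     # EXCLUSIVE
    ".": ("NEVER", "DENY"),    # NEVER
    "^": ("USER", "USER"),     # USER
}
SIG = ("MUST", "SHOULD", "NEVER", "USER")
TPS = ("ALLOW", "DENY", "USER")

def inexpressible():
    """(sig, 3ps) pairs that no single o= symbol can encode."""
    return sorted(set(product(SIG, TPS)) - set(O_TO_FIELDS.values()))

def resolve(domain, user=("SHOULD", "ALLOW")):
    """Fill only the fields the domain set to USER; fixed domain fields win.
    The default user record is an assumption for users with no policy."""
    return tuple(u if d == "USER" else d for d, u in zip(domain, user))

def check(policy, author_domain, signer_domain):
    """Verdict for one message; signer_domain is None when unsigned.
    Assumption: a third-party signature under 3ps=DENY counts as no signature."""
    sig, tps = policy
    if sig == "NEVER":
        return "fail"  # no mail expected from this domain at all
    third_party = signer_domain is not None and signer_domain != author_domain
    acceptable = signer_domain is not None and not (third_party and tps == "DENY")
    if acceptable:
        return "pass"
    return "fail" if sig == "MUST" else "neutral"

if __name__ == "__main__":
    print(inexpressible())
    # Domain fixes 3ps=DENY; a user record asking for ALLOW cannot loosen it.
    locked = resolve(("USER", "DENY"), user=("MUST", "ALLOW"))
    print(locked, check(locked, "example.com", "list.example.net"))
    # Domain fixes sig=MUST but delegates the third-party decision per user.
    delegated = resolve(("MUST", "USER"), user=("SHOULD", "ALLOW"))
    print(delegated, check(delegated, "example.com", "list.example.net"))
```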