Hi Doug,
Douglas Otis wrote:
Stephen,
I will concede the term "policy" generally describes the SSP record.
Good. I think its easier if we use the same terms.
[...] Any "open" policy exposes the email-address
domain owner to unjustified complaint traffic.
No more than could happen today. I don't see any reason why complaints
will rise that couldn't happen right now.
> However, "closed"
policies also disrupt common email practices, and therefore are not
suitable for general use.
Probably not. But as I understand it, those are designed for special
(and not general) cases.
A large domain has an advantage that a smaller domain does not.[...]
I don't see how we can design a protocol to level that playing
field.
... This problem in general also runs afoul of a desire to
not force the publication of "open" policies creating a paradox.
I don't see any paradox unless you want one domain with both
an open and a closed policy.
There is a practical alternative to the SSP policy approach described in
the dkim-options that would entail far far less overhead and would not
impose the need for "open" policies.
I'll take a look.
On Jan 12, 2006, at 6:17 AM, Stephen Farrell wrote:
Some small nits then:
"Policies can be open or closed. Open policies define a set of
conformant messages and are silent about other messages. Closed
policies define the set of conformant messages and other messages do
not conform to the policy.
Policy is not checked when the email/signing domains match. Policy is
therefore silent when email/signing domains match. When email/signing
domains do not match, SSP indicates whether unsigned or foreign signed
messages are acceptable. With respect to open policies, _all_ such
messages are conformant and acceptable.
Nope. You're confusing the sender's policy statement with what
the verifier considers acceptable, which is out of scope.
I guess Jim can handle your other wordsmithing changes which
seem fine,
Cheers,
Stephen.
_______________________________________________
ietf-dkim mailing list
http://dkim.org