On January 19, 2006 at 03:10, "Hector Santos" wrote:
Sender-Signing Policy (SSP):
NONE (no policy)
o=? WEAK (signature optional, no third party)
o=~ NEUTRAL (signature optional, 3rd party allowed)
o=- STRONG (signature required, 3rd party allowed)
o=! EXCLUSIVE (signature required, no 3rd party)
o=. NEVER (no mail expected)
o=^ USER
...
Wouldn't be easier of the signer can assert a role so such checks
are not necessary by a list server? If the list server makes no
assertion against an (RFC-2822) originating address, it should be
able to sign all messages it distributes.
This would avoid list servers having to do SSP checks on each message
and avoid the problems of bad implementations getting the logic wrong
on when to sign and not to sign.
From an audit, and accountability, perspective it would be useful
that all list server software DKIM sign messages regardless of
any originating-address-based SSP. This way, list server software
can always assert what messages it distributes out regardless of
the originating author/sender.
--ewh
_______________________________________________
ietf-dkim mailing list
http://dkim.org