
Re: [ietf-dkim] DKIM and mailing lists

2006-01-19 14:14:01
Earl Hood wrote:
On January 19, 2006 at 03:10, "Hector Santos" wrote:


Sender-Signing Policy (SSP):

        NONE (no policy)
   o=?  WEAK (signature optional, no third party)
   o=~  NEUTRAL (signature optional, 3rd party allowed)
   o=-  STRONG  (signature required, 3rd party allowed)
   o=!  EXCLUSIVE (signature required, no 3rd party)
   o=.  NEVER  (no mail expected)
   o=^  USER

 ...

Wouldn't it be easier if the signer can assert a role so such checks
are not necessary by a list server?

No. SSP is not for signed mail, it's for unsigned mail.


If the list server makes no
assertion against an (RFC-2822) originating address, it should be
able to sign all messages it distributes.

Correct. Nothing needed to provide this, though the i= isn't explicitly
saying what "role" (binding) it's providing (if any).

This would avoid list servers having to do SSP checks on each message
and avoid the problems of bad implementations getting the logic wrong
on when to sign and not to sign.

Receivers in general only need to do SSP if the message is unsigned.
List servers are no different.

From an audit, and accountability, perspective it would be useful
that all list server software DKIM sign messages regardless of
any originating-address-based SSP.  This way, list server software
can always assert what messages it distributes out regardless of
the originating author/sender.

Yep. That would indeed be very nice.

                Mike
_______________________________________________
ietf-dkim mailing list
http://dkim.org