On 01/19/2006 15:50, Michael Thomas wrote:
Earl Hood wrote:
On January 19, 2006 at 03:10, "Hector Santos" wrote:
Sender-Signing Policy (SSP):
NONE (no policy)
o=? WEAK (signature optional, no third party)
o=~ NEUTRAL (signature optional, 3rd party allowed)
o=- STRONG (signature required, 3rd party allowed)
o=! EXCLUSIVE (signature required, no 3rd party)
o=. NEVER (no mail expected)
o=^ USER
...
Wouldn't be easier of the signer can assert a role so such checks
are not necessary by a list server?
No. SSP is not for signed mail, it's for unsigned mail.
If it's a third party signature you still need to check SSP for EXCLUSIVE
policy.
If the list server makes no
assertion against an (RFC-2822) originating address, it should be
able to sign all messages it distributes.
Correct. Nothing needed to provide this, though the i= isn't explictly
saying what "role" (binding) it's providing (if any).
This would avoid list servers having to do SSP checks on each message
and avoid the problems of bad implementations getting the logic wrong
on when to sign and not to sign.
Receivers in general only need to do SSP if the message is unsigned.
List servers are no different.
ditto.
Scott K
_______________________________________________
ietf-dkim mailing list
http://dkim.org