Douglas Otis wrote:
The proposal for the 'w=?' parameter is to identity three
roles. The MSA, mediator, and MDA.
An MSA probably knows what it is, also if it delegates the
signing to an additional "mailout" MTA. I'm not sure about
mediator vs. MDA, do they always know what they are ? Is
that an important difference in your SSP-alternative ?
And do you really mean MDA, not maybe MRN ? If DKIM-aware
MRNs wish to reject mails based on DKIM-checks they can't
check at the MDA, they've to do it at their border (= MXs).
The MDA is intended to provide a non-deliverable signature
Shaky. I understand only very small pieces of your w-model,
if at all, but IIRC that part was about protection against
replay attacks abusing the signature of the sender.
In other words the sender has to trust that the receiver
gets this protection at his MDA (or before it) right.
there are more mediators than just list-servers.
Good, bad, and ugly (the latter for "canonicalization")
list servers, the "bad" cases also cover gateways. Then
forwarders, for DKIM they are all good, more or less the
opposite situation as with SPF, where lists are all good.
What other mediators do you have in mind ? The moderator
of an article submitted to more than one moderated group
could be a special case, and at the moment I can't say how
that works. But in essence they only add "Approved" until
either all moderators approved it, and the last injects it
into NetNews, or one of them rejects it.
Caught in my outbound: Of course, forwarders supporting
PRA try their magic with Sender or Resent-* header fields.
That could be also "bad". Why am I not surprised, sigh...
Bye, Frank
_______________________________________________
ietf-dkim mailing list
http://dkim.org