ietf-dkim
[Top] [All Lists]

[ietf-dkim] Re: Attempted summary, SSP again

2006-01-27 06:28:34
John Levine wrote:
 
I'm increasingly getting the impression that we don't really
understand the semantics of SSP.  If a domain uses SSP to say
that it signs everything, and a message from that domain has
both the domain's signature and someone else's, is that OK?

I can easily imagine interpretations of SSP that would go
either way.

I'd guess OK.  The problem is the first figure in Jim's draft,
it doesn't directly indicate that mediators have to check the
SSP before they add their signature.

Indirectly it is clear, Jim's figure is actually for the case
MON -> MRN.  For a mediator = ( MRN + MON ) the figure has to
be doubled:  MON -> ( MRN + MON ) -> MRN.

So in the case of a mediator it's _first_ "ceck signature", if
valid check SSP, and _then_ afterwards maybe add own signature.

For the WEAK idea it needs to "check SSP" even if there is no
(valid) signature.
                           Bye, Frank


_______________________________________________
ietf-dkim mailing list
http://dkim.org