----- Original Message -----
From: "Michael Thomas" <mike(_at_)mtcc(_dot_)com>
To: "John R Levine" <johnl(_at_)iecc(_dot_)com>
John R Levine wrote:
> Well, OK. if a message has both a signature from the From: domain
and
> one from someone else, does that pass? Why or why not?
I've always interpreted this as it should pass. What would be
the reason that it shouldn't? That the other signature gave it
cooties?
Which one of the following processes is more optimal from a SMTP/DNS,
CPU processing perspective:
ProcessA() - SSP Lookup only for unsigned mail.
- Message Arrives
- Verification
- Perform DNS look to get Public Key
- Perform Hashing
- Signature is Valid
- OA SSP checking - NONE because it is a valid signature
- Message Accepted
ProcessB() - SSP lookup
- Message Arrives
- OA SSP Policy lookup
- EXCLUSIVE
- Two Signers found --> REJECT
I would think ProcessB() is more ideal, more efficient and 100% DKIM/SSP
compatible, and more importantly with a rejection result that is mostly
likely to be more correct than ProcessA() acceptance of an OA domain
policy voilation.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
_______________________________________________
ietf-dkim mailing list
http://dkim.org