ietf-dkim

RE: [ietf-dkim] Attempted summary, SSP again

2006-01-27 12:10:27
I suggest that a good way to try to focus the discussion here would be
to abandon the punctuation syntax while we discuss the semantics, work
out what semantics should be there and then decide whether the
punctuation syntax is worth keeping.

I would also suggest that meta discussion, that is discussion about
whether we should be having a discussion on a particular topic, cease
unless it comes from the chairs. It is quite reasonable to point out to
a poster that their point has been made and rejected; telling them that
their point should not be debated yet serves no useful purpose.


In my view the design of the policy statement should be based on the
following principles:

* It is the exclusive right of the domain name owner to decide
  how the domain name is used.
        * for the purpose of the spec the domain name owner should
          be presumed to be the party that controls the DNS records
        * The domain name owner can decide the importance of edge
          cases such as mail that does not pass through the
          approved gateways.

* A policy record does not modify the semantics of a DKIM digital
  signature
        * The semantics of the signature are exclusively defined by the
          DKIM signature header and the referenced key record (or other
          key distribution/assertion mechanism referenced in the header
          or key record)

* The purpose of a policy record is to assist a recipient in interpreting
  the absence of a valid signature record.

* A policy record describes the intended outbound signing policy of
  the sender.
        SEND = ALWAYS | SOMETIMES{detail} | NEVER SIGN | NEVER SEND

* A policy record may contain additional information to guide
  interpretation of the absence of a signature, for example that the
  sender is a frequent target of phishing attack.
        TARGET = PHISHING{detail}

* A policy mechanism may advertise support for specific incident
  reporting mechanisms in the case that an invalid signature is found.
        REPORT = RID | ...

* A policy mechanism may specify certain characteristics of a valid
  signature, for example the signature algorithm used etc.
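To make the semantics above concrete on the verifier side, here is an added example (not code from the post, from the DKIM working group or from any DKIM implementation) of a receiver applying such a policy record. The post deliberately sets syntax aside, so the "key=value;" encoding, the verdict labels ("signed", "neutral", "suspect", "suspect-high", "reject") and the function names are this example's own assumptions; only the SEND, TARGET and REPORT fields and their meanings come from the post.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from enum import Enum


class Send(Enum):
    """Declared outbound signing policy; the four values named in the post."""
    ALWAYS = "always"
    SOMETIMES = "sometimes"
    NEVER_SIGN = "never sign"
    NEVER_SEND = "never send"


@dataclass
class Policy:
    send: Send
    send_detail: str = ""                            # {detail} on SOMETIMES
    phishing_target: bool = False                    # TARGET = PHISHING
    phishing_detail: str = ""
    report: list[str] = field(default_factory=list)  # REPORT = RID | ...


@dataclass
class Verdict:
    label: str          # "signed" | "neutral" | "suspect" | "suspect-high" | "reject"
    reason: str
    report: list[str]   # incident-report channels to use, if any


def _split_detail(value: str) -> tuple[str, str]:
    """'sometimes{lists only}' -> ('sometimes', 'lists only')."""
    value = value.strip()
    if "{" in value and value.endswith("}"):
        head, _, detail = value[:-1].partition("{")
        return head.strip(), detail.strip()
    return value, ""


def parse_policy(record: str) -> Policy:
    """Parse a 'key=value; key=value' record into a Policy.

    The key=value encoding is this example's assumption, not a syntax from the
    post. Unknown keys are skipped so extra fields do not break an older
    verifier; SEND is mandatory because every other field qualifies it.
    """
    fields: dict[str, str] = {}
    for item in record.split(";"):
        if "=" in item:
            key, _, value = item.partition("=")
            fields[key.strip().lower()] = value.strip()
    if "send" not in fields:
        raise ValueError("policy record lacks SEND")
    head, send_detail = _split_detail(fields["send"])
    head = head.lower().replace("-", " ").replace("_", " ")
    try:
        send = Send(head)
    except ValueError as exc:
        raise ValueError(f"unknown SEND value {head!r}") from exc
    policy = Policy(send=send, send_detail=send_detail)
    if "target" in fields:
        target, detail = _split_detail(fields["target"])
        if target.lower() == "phishing":
            policy.phishing_target, policy.phishing_detail = True, detail
    if "report" in fields:
        policy.report = [r.strip().lower() for r in fields["report"].split("|") if r.strip()]
    return policy


def interpret(policy: Policy, signature_state: str) -> Verdict:
    """Apply the record to one message whose DKIM state is 'valid', 'invalid' or 'absent'.

    A valid signature is not reinterpreted by the policy (its meaning comes
    from the signature header and key record alone); the policy only guides
    the reader when no valid signature is present.
    """
    if signature_state not in ("valid", "invalid", "absent"):
        raise ValueError(f"bad signature state {signature_state!r}")
    if signature_state == "valid":
        return Verdict("signed", "policy not consulted", [])
    if policy.send is Send.NEVER_SEND:
        label, reason = "reject", "domain states it never sends mail"
    elif policy.send is Send.ALWAYS:
        label, reason = "suspect", "domain states all of its mail is signed"
        if policy.phishing_target:
            label, reason = "suspect-high", reason + "; domain is a frequent phishing target"
    elif policy.send is Send.SOMETIMES:
        label = "neutral"
        reason = "unsigned mail is expected" + (f" ({policy.send_detail})" if policy.send_detail else "")
    else:
        label, reason = "neutral", "domain never signs, so absence carries no signal"
    # Reporting channels are advertised for the invalid-signature case only.
    report = list(policy.report) if signature_state == "invalid" else []
    return Verdict(label, reason, report)


if __name__ == "__main__":
    # Constructed sample record, not any real domain's policy.
    sample = parse_policy("send=always; target=phishing{retail bank}; report=rid")
    for state in ("valid", "invalid", "absent"):
        print(state, interpret(sample, state))
```

The two design points worth noting: `interpret` returns early on a valid signature, which is how the "policy does not modify the semantics of a signature" principle is enforced in code, and the report channels are attached only when a signature was present and failed, matching the post's "in the case that an invalid signature is found" rather than mere absence.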


_______________________________________________
ietf-dkim mailing list
http://dkim.org