Tony Hansen wrote:
1) always look for the SSP, as Hector suggests;
2) add information to the DKIM DNS record to indicate that
the SSP should always be looked for;
3) incorporate the SSP information into the DKIM DNS record;
or 4) some other ways I'm not thinking of at the moment.
Doug proposed to copy the SSP into the signature as shortcut
for any "check SSP only for valid signatures" strategy. If I
understood his proposal correctly. Apparently that has the
same effect as your point (3), and if possible (3) is better.
Of the first three, I'd lean towards #2.
How does that help receivers wishing to reject unsigned mails
with a STRONG or EXCLUSIVE SSP ? Where "unsigned" includes
"invalid" etc.
Bye, Frank
_______________________________________________
ietf-dkim mailing list
http://dkim.org