Scott Kitterman wrote:
On Thursday 27 July 2006 15:13, Dave Crocker wrote:
Scott Kitterman wrote:
As we think through the definition of minimum, I think it important that
we consider the class of domains that are not supported by one or more
dedicated mail servers. ...
Is the concept of operations that these servers should sign using the
provider's key (so all signatures for the domain are 3rd party) or that
the provider should manage multiple keys to support per domain keys and
sign the messages first party for the domain?
Why should it matter whether the host is shared, or not? The question of
whether to have the provider do the signer or whether to have a content
agent (rfc2822.From or rfc2822.Sender) strikes me as important generally,
not just when the provider has more than one user domain sending from the
provider's platform.
If I send mail through the mail server of isp.example.com and they sign with
my key, it matters a GREAT deal to me if they also sign other people using my
name with my key. This may be largely an operational question, but the
protocols have to support getting a reliable answer to it.
I think I detect some old world thinking here. This is certainly the
case with
IP addresses, but don't see why it need be the cae with crypto. If the name
bound to a particular key doesn't do bad things, that really doesn't say
anything
about another name bound to the same key. Both identities can and probably
should accrue their reputations independently. Only after you had sufficient
evidence might it be a good idea to make an induction about a new identity
bound to that key.
In any case, DKIM allows either mode so I'm not sure what the problem is
here.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html