John Levine wrote:
Yes. What I want as a small domain owner is the ability to publish a
policy record that say that for mail sent (for some definition of sent that
we will probably have to argue about later) from my domain, the domain(s)
authorized to sign are ...
Once again I ask: what possible use could a recipient make of this
assertion?
If your ISP signs your mail and, for whatever reason, the recipient likes
the ISP's domain, they'll accept your mail. If not, they'll filter or
reject it. How would an SSP assertion change that?
On the other hand, if your mail passes through some other relay or
forwarder which signs your mail on the way through, would you want the
recipient then to reject your mail? If so, why? If not, what point
is there to publish a list of signers?
I assume his concern was with unsigned (or maybe even DKIM-signed?)
mail from a bad actor, purporting to be from his little domain.
If the verifier looked up the little domain's SSP and found that e.g.
all mail from little domain is supposed to be signed by the ISP then
they might more easily detect bad stuff (ignoring real signatures from
the ISP that get broken for now).
Whether or not the work for a bad actor to create a message with what
looks like a broken signature from the ISP is a big enough deal is a
valid question. Since SSP helps automate this, the bad actor's code
can take advantage too. I don't claim to know where the right balance
lies there.
Anyway I guess this is just another argument to require support for
inclusion of some kind of allowed-signer list in SSP statements, and
maybe also for a requirement that the SSP statements should be able
to be "sourced" independently of key records. I guess the WG should
consider both requirements and adopt 'em or drop 'em, so including
them for now is probably right.
Stephen.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html