On Thu, 27 Jul 2006 16:33:42 -0700 Jim Fenton <fenton(_at_)cisco(_dot_)com>
wrote:
Scott Kitterman wrote:
On Thursday 27 July 2006 14:00, Bill(_dot_)Oxley(_at_)cox(_dot_)com wrote:
My requirements
I sign all
I sign nothing
I sign only 3rd party
I sign all and 3rd party
I sign some mail
My Policy/Practice
I sign all - every piece of mail purported to be from me must be signed
Must be signed by you are must be signed by anybody. If the latter,
it's
trivially spoofable unless you have a list of others that are authorized
to
sign.
Sure; third-party signatures will have a bigger dependence on
reputation/accreditation/whitelists/etc. than originator signatures.
Or a bigger dependence on policy. Leaving third party signatures to some
non-standardized reputation service would effectively make domains that
couldn't sign their own mail into second class internet citizens.
I think it much better to allow the policy protocol to enumerate which
third parties are acceptable so small domain holders can be on the same
footing as large.
Scott K
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html