ietf-dkim

Re: [ietf-dkim] Re: 3rd party signing

2006-07-28 12:11:10
But suppose example.com is not a customer of isp.com but yet a message
from example.com has a valid signature from isp.com.  Are you saying
that Y! should say that it believes it came from example.com, based on
the assertion by isp.com that it only signs third-party messages?

We certainly seem to have a lot of ambiguity if not confusion about terminology.

If a receiver is going to be looking up SSP data, is it going to look up the domain in a message's signature? In the From: line? In some PRA-ish function of various headers? All of the above? Some of the above in a fixed order? Some of the above in an implementation-dependent order?

Can an additional signature ever decrease a message's reputation? I would argue no.

If a message has a valid signature from the same domain as the From: domain, can SSP tell you anything useful? If you looked up the SSP on such a message and it said "we send no mail", who do you believe? (Keep in mind that if the signature is valid, the same DNS that had the SSP also had the DKIM key.)

Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://johnlevine.com, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html