ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] SSP complications, wa The URL to my paper ...

2006-07-30 09:23:32


Dave Crocker wrote:

Stephen Farrell wrote:
 > I assume his concern was with unsigned (or maybe even DKIM-signed?)
mail from a bad actor, purporting to be from his little domain.

If the verifier looked up the little domain's SSP and found that e.g.
all mail from little domain is supposed to be signed by the ISP

What proposed SSP flags, configuration and usage will enable a receiver to know
that a particular (rfc2822.From?) domain's messages must be signed by a
particular ISP?

I would assume that were the WG to adopt that requirement then there'd
have to be some way to retrieve a list of signer identities of some
sort based on the rfc2822.From value along with a flag indicating that
all messages must be signed by one of the listed signers. Something
like that anyway.

The fact that the signer in the example is an ISP and not something
else is incidental, i.e. I didn't interpret the use-case as calling
for signer-roles or the like.

S.
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>