ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Are verifiers expected to query SSP on a successful verify?

2006-07-31 09:51:41


Mark Delany wrote:
I guess I had been making the assumption that an SSP query is only
necessary on a verification failure. Some of the conversations seem to
suggest that an SSP query will be needed regardless of the success of
the verify. Is that the case at all? The uncommon case? The common
case?


Mark,

This came up during the Montreal meeting.  I, too, had been assuming a nicely
symmetric distinction that used dkim-base for signed message and dkim-ssp for
unsigned ones.

Alas, it was pointed out to me that SSP does indeed have a requirement for a
lookup even when the message is signed.  This is when there is so-called
third-party signing.  (I believe this means when the domain in the rfc2822.From
does not make the DKIM d= domain.)

d/

-- 

  Dave Crocker
  Brandenburg InternetWorking
  bbiw.net
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html