ietf-dkim

Re: [ietf-dkim] Re: 3rd party signing

2006-07-31 10:11:50

----- Original Message -----
From: "Arvel Hathcock" <arvel(_dot_)hathcock(_at_)altn(_dot_)com>
To: <ietf-dkim(_at_)mipassoc(_dot_)org>
Sent: Monday, July 31, 2006 12:28 PM
Subject: Re: [ietf-dkim] Re: 3rd party signing


 > If a message has a valid signature from the same domain as the From:
 > domain, can SSP tell you anything useful?  If you looked up the SSP on
 > such a message and it said "we send no mail", who do you believe?
 > (Keep in mind that if the signature is valid, the same DNS that had
 > the SSP also had the DKIM key.)

Yes, yes.  John is right.  "We send no mail" does have an inherent
contradiction problem.  Dumping it would rid us of that problem and
allow an optimization because we wouldn't have to do SSP queries in
cases where there's a valid signature on behalf of the From: domain.

-1.  John is not right. He says he is an SSP fog and indicates he doesn't
understand, so how could he be right?

Anyway, a NO MAIL policy is clearly that.  We send no mail.  There is
nothing to believe but what's exposed in the domain's DNS storage.  The only
harm is to the domain, and if we can't trust the DNS storage, then we've got
more inherent problems with DKIM.

Think about it, if we can't trust SSP then why should we trust the DKIM
signature?  The optimization comes by lowering your DKIM processing overhead
by avoiding such irregularities that CLEARLY are very strong domain protection
policies.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com













_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html