ietf-dkim

RE: [ietf-dkim] A few SSP axioms

2006-07-31 18:38:55

As long as we all remember that bad actors can get a domain, populate
dkim keys and ssp, then send spam until they are noticed and shut down.
Policy will be by the receiver that a message that fails dkim/ssp is
flagged for a closer examination than a message that passes both dkim
and ssp but all mail will continue to be scrutinized.
Thanks,
Bill Oxley 
Messaging Engineer 
Cox Communications, Inc. 
Alpharetta GA 
404-847-6397 
bill(_dot_)oxley(_at_)cox(_dot_)com 


-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of John Levine
Sent: Monday, July 31, 2006 9:23 PM
To: ietf-dkim(_at_)mipassoc(_dot_)org
Cc: ietf-dkim(_at_)kitterman(_dot_)com
Subject: Re: [ietf-dkim] A few SSP axioms

I think this is the key issue then and we ought to focus on it.  In
my view almost the entire point of a signing policy is constraining
whose signatures are considered authorized by the domain owner.

I'm assuming that when you say authorized, you mean authoritative.
(English definitely has its shortcomings.)

A few scenarios:

Message from domain A, signed by A; does SSP matter at all?

Message from A, signed by B; A's SSP says B signs all its mail.

Message from A, signed by A and B; does SSP matter? (I hope not.)

Message from A, signed by C; SSP says nothing about C.

R's,
John
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
