On Tuesday 01 August 2006 02:10, Douglas Otis wrote:
On Mon, 2006-07-31 at 23:25 -0400, Scott Kitterman wrote:
On Monday 31 July 2006 21:22, John Levine wrote:
I think this is the key issue then and we ought to focus on it. In
my view almost the entire point of a signing policy is constraining
whose signatures are considered authorized by the domain owner.
I'm assuming that when you say authorized, you mean authoritative.
(English definitely has its shortcomings.)
I meant authorized, as I think the SSP concept is about authorization.
I can see where authoritative fits better as I wrote it. I'm not sure
there is a distinction between the two worth arguing about.
The last time policy was reviewed before starting to the base draft, the
conclusion was that policy is not an authorization function, rather
policy indicates what the identity uses or does. With that in mind,
John's terminology of "authoritative" better reflects that view.
Assume that the 2822.From domain indicates both the use of designated
domains and non-designated domains. Assume also that by definition
designated domains MUST employ DKIM, but that non-designated domains MAY
employ DKIM. A designated domain might also be defined as being
"authoritative" when it comes to concerns related whether the message is
being replayed or whether the identity header is valid. The same policy
may also indicate use of non-designated domains that are defined as "not
authoritative."
Your Authorization terminology is easily confused with what might be
implied by "authoritative." For either the designated or non-designated
domains, their indicated use might imply an "authorization of use" when
viewing policy as an authorization function. It seems better to avoid
referring to policy as "authorization" to keep the terminology
consistent and what is being indicated clear.
I don't recall that conclusion, but I'll stick with what I said the first
time:
I meant authorized, as I think the SSP concept is about authorization.
I can see where authoritative fits better as I wrote it. I'm not sure
there is a distinction between the two worth arguing about.
I'm leaving on vacationthis afternoon, so I'll leave you and the rest of the
WG to figure it out while I'm gone.
Scott K
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html