----- Original Message -----
From: <Bill(_dot_)Oxley(_at_)cox(_dot_)com>
All,
As an ISP there are 2 things I will require to implement SSP or another
DKIM policy methodology
A. I only sign 3rd party
B. I sign exclusively any other sigs make mine broken
There can be other policies but I require those two and am
wondering why there seems to be a tremendous pushback on this.
+1.
I do have these points though:
For the "A. I only sign 3rd party" policy:
In the SSP draft, there is no semantics for this type of 3rd party policy.
The DSAP draft, provides all policy types, including this one:
OP=NEVER; 3P=ALWAYS
However, and this probably needs you to confirm what you mean depending if
your ISP business is hosting local domains, are you going to allow other
locally hosted domains signed mail as well?
If so, then it would seem to me that your operations policy will dictate
that your hosted local domains would have to define an OP=ALWAYS policy with
thier own DSAP record.
For example, you are hosting ABC.COM for us, based on your operation always
signing outbound mail, if I wanted to always signed mail with Doug's new
MUA DKIM plug-ins, then I would have to create (or you create) a DSAP policy
of:
OP=ALWAYS; 3P=ALWAYS;
But in general, because you always sign the outbound mail regardless of the
hosted domain policy, you would have to instruct/setup your customers to
have one of the following:
OP=NEVER; 3P=ALWAYS;
OP=ALWAYS; 3P=ALWAYS;
OP=OPTIONAL; 3P=ALWAYS;
The DKIM-DSAP verifier will honor all these conditions.
Make sense?
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html