ietf-dkim

Re: [ietf-dkim] "I sign everything" is not a useful policy

2006-08-04 16:55:31
Mike,

As the topic title is stated, it is an open-ended, totally mangled concept. "I
sign everything" is not very clear and specific, so as you saw, it is open to
a wide range of interpretations, and I suggested that asking for a "definition"
is not going to give you the result you are seeking.

The commonality in all the semantics is the idea of exclusive 1st party only
domain signatures versus allowing for 3rd party signatures.

That's been the argument since day one with the SSP stated policy tags:

  !  All mail from the entity is signed; Third-Party signatures
     SHOULD NOT be accepted

Which I labeled for ease of communications, the EXCLUSIVE signing policy.

Yet, according to you, this semantic is not quite correct. It is not an
exclusive policy.

We made it more clear by breaking it up into two axes, which many here got
excited about and added their own ideas for describing it, including Tony Hansen,
Frank Ellerman, William, among others.

In DSAP, I wrote it up as:

    OP=ALWAYS;3P=NEVER;

All the combinations are possible using the OP vs. 3P methodology, and what
is really great about it is that the signer is free to use whatever he
wants and it covers ALL possible USE CASES.

4.2.  DSAP Tags: op=<signing-policy>; 3p=<signing-policy>;

   From the viewpoint of the verifier, when a message is received, there
   are two basic pieces of signature information to be of interest when
   analyzing the transaction:

   o  Original Party Signatures (OP)

      *  never expected
      *  always expected
      *  optional

   o  3rd Party Signatures (3P)

      *  never expected
      *  always expected
      *  optional

   When the two signature types are combined, the possible policies are
   listed in the following table:

    +=================================================================+
    | op=         | 3p=        | Domain Policy Semantics              |
    |=================================================================|
    | empty       | empty      | No mail expected                     |
    |-----------------------------------------------------------------|
    | never       | never      | No signing expected                  |
    | never       | always     | Only 3P signing expected             |
    | never       | optional   | Only 3P signing optional             |
    |-----------------------------------------------------------------|
    | always      | never      | OP signature expected                |
    | always      | always     | Both parties expected                |
    | always      | optional   | OP expected, 3P may sign             |
    |-----------------------------------------------------------------|
    | optional    | never      | Only OP signing expected             |
    | optional    | always     | OP expected, 3P expected             |
    | optional    | optional   | Both parties may sign.               |
    +-----------------------------------------------------------------+

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com





----- Original Message -----
From: "Michael Thomas" <mike(_at_)mtcc(_dot_)com>
To: "IETF DKIM pre-WG" <ietf-dkim(_at_)mipassoc(_dot_)org>
Sent: Friday, August 04, 2006 5:58 PM
Subject: [ietf-dkim] "I sign everything" is not a useful policy



What seems abundantly clear is that the unqualified policy "I sign
everything" is not useful as is, and is most likely harmful due to
differences in the way that people interpret what that statement means.

I invite people for the requirements to make *precise* statements of the
fully qualified meaning in their heads about "I sign everything", and
preferably in a sentence or less as that is what the world is going to
actually think of when they deploy this.

          Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
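
The op=/3p= table quoted in the message above can be read as a verifier-side check. The sketch below is an added example, not code from the DSAP draft or from either poster. It assumes that "original party" means a verified signature whose d= domain equals the From domain exactly, that "always" with no such signature and "never" with one both count as violations, and that a record with only one tag set is rejected because the table does not list it; the function names are hypothetical.

```python
# Added illustration: the evaluation rules are assumptions drawn from the table above.
VALUES = {"never", "always", "optional"}

def parse_dsap(record):
    """Parse 'OP=ALWAYS;3P=NEVER;' into {'op': 'always', '3p': 'never'}."""
    policy = {"op": "", "3p": ""}  # both empty = the table's "No mail expected" row
    for part in record.split(";"):
        if not part.strip():
            continue
        tag, sep, value = part.partition("=")
        tag, value = tag.strip().lower(), value.strip().lower()
        if not sep or tag not in policy or value not in VALUES:
            raise ValueError(f"bad DSAP tag: {part!r}")
        policy[tag] = value
    if bool(policy["op"]) != bool(policy["3p"]):
        raise ValueError("only one of op=/3p= set; combination not in the table")
    return policy

def classify(from_domain, signing_domains):
    """Split signer domains into original party (equal to From domain) and 3rd party."""
    fd = from_domain.lower().rstrip(".")
    doms = [d.lower().rstrip(".") for d in signing_domains]
    return {"op": [d for d in doms if d == fd],
            "3p": [d for d in doms if d != fd]}

def evaluate(record, from_domain, signing_domains):
    """Return policy violations for one message; an empty list means consistent.

    signing_domains: d= values of signatures that have already verified.
    """
    policy = parse_dsap(record)
    if not policy["op"] and not policy["3p"]:
        return ["no mail expected from this domain"]
    found = classify(from_domain, signing_domains)
    problems = []
    for axis in ("op", "3p"):
        if policy[axis] == "always" and not found[axis]:
            problems.append(f"{axis} signature expected but missing")
        elif policy[axis] == "never" and found[axis]:
            problems.append(f"{axis} signature present but never expected")
    return problems

if __name__ == "__main__":
    # Constructed sample: mail claiming example.com, signed only by a list server.
    print(evaluate("OP=ALWAYS;3P=NEVER;", "example.com", ["lists.example.net"]))
```

Under these assumptions the exclusive policy `OP=ALWAYS;3P=NEVER;` flags both the missing original-party signature and the unexpected third-party one for the constructed sample message.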


