ietf-dkim

Re: [ietf-dkim] A more fundamental SSP axiom

2006-08-04 17:43:43

On Fri, 4 Aug 2006, Damon wrote:

I want to add a little more...

It would also be ok if there was an alternative that was useful... and
will just refer to my previous posts as to why I think "I SIGN SOME"'s
value is not worth the expense.

Before you said you want "I sign some if it comes from this
server/network". Coming back to this issue, the problem here
is that if signature was actually added and server name is
available you already know it signed it. If the signature is
missing you can't tell it came from that server unless you
examine Received trace data (unreliable and per RFCs not to be
used for email processing although almost every anti-spam
software in practice violates this now..) or violate RFC2821
session/RFC2822 DATA separation.

Can you think of something else for use in <here> you'd like to
see as part of either
 "I sign all" <here> but may not sign in other cases
 "I sign all" except <here>

Personally cases I see are:
 1. I either sign all myself OR these guys <list domains> sign on
    my behalf
    a. In some special cases it can also be I sign all myself AND
       one of these guys <list domains> will also sign it
 2. I always sign if it comes from[*] <list email address> but
    otherwise I may not add a signature
 3. I always sign when it goes to[*] <list email addresses> but
    otherwise I may not add a signature

[*] From and To are general concepts here and do not necessarily
    imply "From" and "To" header field specifically

--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
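
The three cases listed in the message above, modeled as a verifier-side check. This is an added example, not part of the original post or of any DKIM/SSP specification; the `Policy` fields, the verdict strings and the sample domains and addresses are hypothetical, since no policy record syntax is defined in this thread.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    """Hypothetical model of the cases in the message; not an SSP record format."""
    domain: str
    sign_all: bool = False                # case 1: every message carries a signature
    delegates: frozenset = frozenset()    # case 1: domains that sign on my behalf
    require_both: bool = False            # case 1a: my signature AND a delegate's
    always_from: frozenset = frozenset()  # case 2: originators that are always signed
    always_to: frozenset = frozenset()    # case 3: recipients that are always signed

@dataclass(frozen=True)
class Message:
    originator: str           # "from" in the general sense, as chosen by the verifier
    recipients: frozenset     # "to" in the general sense
    valid_signers: frozenset  # domains whose signatures verified

def evaluate(policy: Policy, msg: Message) -> str:
    """Return 'pass', 'suspicious' (a promised signature is missing) or 'neutral'."""
    own = policy.domain in msg.valid_signers
    delegated = bool(policy.delegates & msg.valid_signers)
    if policy.sign_all:
        ok = (own and delegated) if policy.require_both else (own or delegated)
        return "pass" if ok else "suspicious"
    if own:
        return "pass"
    # Cases 2 and 3: a signature is promised only for listed originators/recipients.
    promised = (msg.originator in policy.always_from
                or bool(policy.always_to & msg.recipients))
    return "suspicious" if promised else "neutral"

def make_msg(originator, recipients, signers=()):
    return Message(originator, frozenset(recipients), frozenset(signers))

# Constructed sample policies, one per case in the message.
CASE1 = Policy("example.com", sign_all=True, delegates=frozenset({"esp.example"}))
CASE1A = Policy("example.com", sign_all=True, delegates=frozenset({"esp.example"}),
                require_both=True)
CASE2 = Policy("example.com", always_from=frozenset({"billing@example.com"}))
CASE3 = Policy("example.com", always_to=frozenset({"alerts@partner.example"}))

if __name__ == "__main__":
    unsigned = make_msg("billing@example.com", {"bob@other.example"})
    for name, pol in [("1", CASE1), ("1a", CASE1A), ("2", CASE2), ("3", CASE3)]:
        print(name, evaluate(pol, unsigned))
```

Every input to `evaluate` is something the verifier can read from the message itself, which is why cases 2 and 3 remain decidable for an unsigned message while "I sign some if it comes from this server" does not.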