ietf-dkim

Re: [ietf-dkim] "I sign everything" is not a useful policy

2006-08-04 18:05:05
The matrix only enumerates the possibilities, not who or why one would
select those possibilities, and what they're hoping a receiver will do with
the information.  It's the who and why we need answers for.

      Mike


Hector Santos wrote:

Mike,

As the topic title is stated it is an open-ended totally mangled concept. "I
sign everything" is not very clear and specific so as you saw, it is open to
a wide range of interpretations and I suggested asking for a "definition" is
not going to give you the result you are seeking.

The commonality in all the semantics is the idea of exclusive 1st party only
domain signatures versus allowing for 3rd party signatures.

That's been the argument since day one with the SSP stated policy tags:

 !  All mail from the entity is signed; Third-Party signatures
    SHOULD NOT be accepted

Which I labeled for ease of communications, the EXCLUSIVE signing policy.

Yet,  according to you, this semantic is not quite correct. It is not an
exclusive policy.

We made it more clear by breaking it up into two axes, which many here got
excited with and added their own ideas for describing it, including Tony Hansen,
Frank Ellerman, William, among others.

In DSAP, I wrote it up as:

   OP=ALWAYS;3P=NEVER;

All the combinations are possible using the OP vs. 3P methodology, and what
is really great about it is that the signer is free to use whatever he
wants and it covers ALL possible USE CASES.

4.2.  DSAP Tags: op=<signing-policy>; 3p=<signing-policy>;

  From the viewpoint of the verifier, when a message is received, there
  are two basic pieces of signature information to be of interest when
  analyzing the transaction:

  o  Original Party Signatures (OP)

     *  never expected
     *  always expected
     *  optional

  o  3rd Party Signatures (3P)

     *  never expected
     *  always expected
     *  optional

  When the two signature types are combined, the possible policies are
  listed in the following table:

   +=================================================================+
   | op=         | 3p=        | Domain Policy Semantics              |
   |=================================================================|
   | empty       | empty      | No mail expected                     |
   |-----------------------------------------------------------------|
   | never       | never      | No signing expected                  |
   | never       | always     | Only 3P signing expected             |
   | never       | optional   | Only 3P signing optional             |
   |-----------------------------------------------------------------|
   | always      | never      | OP signature expected                |
   | always      | always     | Both parties expected                |
   | always      | optional   | OP expected, 3P may sign             |
   |-----------------------------------------------------------------|
   | optional    | never      | Only OP signing expected             |
   | optional    | always     | OP expected, 3P expected             |
   | optional    | optional   | Both parties may sign.               |
   +-----------------------------------------------------------------+

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com





----- Original Message -----
From: "Michael Thomas" <mike(_at_)mtcc(_dot_)com>
To: "IETF DKIM pre-WG" <ietf-dkim(_at_)mipassoc(_dot_)org>
Sent: Friday, August 04, 2006 5:58 PM
Subject: [ietf-dkim] "I sign everything" is not a useful policy


What seems abundantly clear is that the unqualified policy "I sign
everything" is not useful as is, and is most likely harmful due to
differences in the way that people interpret what that statement means.

I invite people for the requirements to make *precise* statements of the
fully qualified meaning in their heads about "I sign everything", and
preferably in a sentence or less as that is what the world is going to
actually think of when they deploy this.

         Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html



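The op=/3p= table quoted above, worked through from the verifier's side as an added example; it is not code from the thread or from the DSAP draft. The function names, the exact-match rule for deciding that a signing domain is the original party, and the wording of the findings are assumptions, and what a receiver does with a finding is left open, as it is in the thread.

```python
# Added example: check a message's verified signatures against a DSAP
# op=/3p= policy. Names and finding texts are hypothetical.
EXPECTATIONS = {"never", "always", "optional"}

def parse_dsap(record):
    """Parse 'OP=ALWAYS;3P=NEVER;' into {'op': 'always', '3p': 'never'}.
    A tag that is absent or has no value is returned as '' ("empty")."""
    tags = {"op": "", "3p": ""}
    for part in record.split(";"):
        if not part.strip():
            continue
        name, sep, value = part.partition("=")
        name, value = name.strip().lower(), value.strip().lower()
        if not sep or name not in tags:
            raise ValueError(f"unknown tag: {part!r}")
        if value and value not in EXPECTATIONS:
            raise ValueError(f"bad value for {name}: {value!r}")
        tags[name] = value
    return tags

def check_tag(label, expectation, present):
    """Compare one axis of the table with what the message carries."""
    if expectation == "always" and not present:
        return [f"{label} signature expected but missing"]
    if expectation == "never" and present:
        return [f"{label} signature present but never expected"]
    return []  # 'optional' (or a single empty tag) imposes nothing

def evaluate(record, author_domain, signing_domains):
    """record: the published policy text (a domain that publishes no
    record at all is outside this sketch). signing_domains: domains of
    signatures that already verified. Returns a list of findings."""
    policy = parse_dsap(record)
    if policy["op"] == "" and policy["3p"] == "":
        return ["domain states no mail is expected"]
    author = author_domain.lower()
    signers = {d.lower() for d in signing_domains}
    has_op = author in signers            # assumption: exact domain match
    has_3p = bool(signers - {author})     # any other signer counts as 3P
    return (check_tag("OP", policy["op"], has_op)
            + check_tag("3P", policy["3p"], has_3p))

if __name__ == "__main__":
    # Constructed inputs: the "exclusive" policy from the thread, then a
    # message signed only by a list server and one signed by the author.
    exclusive = "OP=ALWAYS;3P=NEVER;"
    print(evaluate(exclusive, "example.com", ["list.example.net"]))
    print(evaluate(exclusive, "example.com", ["example.com"]))
```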