ietf-dkim

Re: [ietf-dkim] "I sign everything" is not a useful policy

2006-08-08 08:26:58

Again - this raises no new technical issue. So, let's please
wait and work on reqs-00's text,

Stephen.

Damon wrote:
Friends,
Let it never be said that I am inflexible and can't change my mind
from good arguments.

After a restless night thinking about this, I am going to change my
thoughts just slightly.

All email that has a munged sig or no sig that comes from an "I sign
all" domain should be expected not to reach its destination.

I want to see:

"I sign all" and/or these domains can sign for me. If the message is
not signed, it is expected by me that the message will not reach its
destination.

"I sign none" Nothing from me at this domain should be signed. If it
is, it is expected by me that the message will not reach its
destination.

"I sign all" only from this domain(s) or _FQDN(s)_. Messages from this
domain(s) or FQDN(s) that are not signed are expected by me not to
reach their destination. However, messages coming from everywhere else
may or may not be signed. I expect that these messages will not be
affected under this policy.

I think that these policies should cover every scenario I can think of.

The FQDNs are important. As an admin who has several gateways at the
same domain, it would be nice to be able to route some mail fitting a
policy to a particular MTA to have it signed and delivered without
affecting my other mail.

If munging is too much of an issue, turn the policies off, fix the
problem, turn them back on. I don't think we should stop work just
because this _might_ happen. The benefits outweigh the risks.


Regards,
Damon Sauer
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html

