ietf-dkim

Re: [ietf-dkim] Delegating responsibility: a make vs. buy design decision

2006-08-17 15:47:05
On 8/17/06, Wietse Venema <wietse(_at_)porcupine(_dot_)org> wrote:
Dave Crocker:
> To explore this approach a bit further, I'm going to wonder about the supposed
> need for an SSP check when a signature is present.
>
>      If a signature uses a domain related to the author's domain, then we have
> no SSP issue.  The author's domain is used for assessment.  No SSP query need be
> made.

[Plus a straightforward DNS-based delegation mechanism so that the
author's ISP can use a UNIQUE signing domain that relates directly
to the author's domain]

>      If a signature is not present, THEN an SSP "I sign everything" record might
> be useful (modulo the problem of surviving mailing list.)
>
>      If a signature is present, but is not associated with the author's domain,
> then make the assessment based on the signing domain, not the author's domain.
> Again, no SSP query is needed.
>
> OK.  Start shooting...

I like this. This is very close to what I want: signed mail that
speaks for itself, whether it's first-party or third-party signed.
No batteries required.

Sounds good to me. But it's late... :-)
+1 anyway

Damon
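
The three cases quoted above, written out as receiver-side decision logic. This is an added example, not code from anyone in the thread. It assumes the signature was already verified by a separate DKIM verifier, and it assumes "related to the author's domain" means the d= value equals the From: domain or is a subdomain of it; the thread does not define that relation. The function names and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def signing_domain(msg):
    """Return the d= tag of the first DKIM-Signature header, or None."""
    sig = msg.get("DKIM-Signature")
    if sig is None:
        return None
    # Header may be folded; d= values never contain whitespace.
    for tag in re.sub(r"\s+", "", sig).split(";"):
        name, _, value = tag.partition("=")
        if name == "d" and value:
            return value.lower()
    return None

def author_domain(msg):
    """Domain part of the From: address."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def related(signer, author):
    # Assumption: identical, or signer is a subdomain of the author domain
    # (e.g. a zone the author delegated to an ISP).
    return signer == author or signer.endswith("." + author)

def assess(raw):
    """Return (case, domain to assess, whether an SSP query is made)."""
    msg = message_from_string(raw)
    signer, author = signing_domain(msg), author_domain(msg)
    if signer is None:
        # No signature: only here is the author's SSP record consulted.
        return ("unsigned", author, True)
    if related(signer, author):
        return ("author-related", author, False)
    # Signed by someone else: judge the signer, not the author.
    return ("third-party", signer, False)

def sample(dkim_d=None):
    """Constructed test message; bh= and b= are placeholders, not real data."""
    headers = ["From: Alice <alice@example.com>", "Subject: constructed sample"]
    if dkim_d:
        headers.insert(0, "DKIM-Signature: v=1; a=rsa-sha256; s=sel;\n"
                          "\td=%s; h=from; bh=PLACEHOLDER; b=PLACEHOLDER" % dkim_d)
    return "\n".join(headers) + "\n\nbody\n"

if __name__ == "__main__":
    for d in (None, "example.com", "isp1.example.com", "lists.example.net"):
        print(d, "->", assess(sample(d)))
```
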
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html