ietf-dkim

Re: [ietf-dkim] Delegating responsibility: a make vs. buy design decision

2006-08-18 12:52:01

----- Original Message -----
From: "Paul Hoffman" <phoffman(_at_)proper(_dot_)com>

It sounds like what you and a few other people want is an
SSP policy that says "if you receive a message that is
supposedly from this site (for some definition of "from")
and it doesn't have the mark that says that XYZ is
authorized to sign the message, assume the message
is forged". Is that a correct summary of the requirement you see?

If that is what the OA domain (FROM) declares, sure.

But first he has to declare he allows others to sign.

It can be relaxed (unrestricted), so you also can allow for an open-ended
3rd party signer policy which is what you guys want.

But we also want the option to control the potential abuse this open-ended
3rd party signing can cause, as it has been shown can and will happen.

The SSP people provide all the OPTIONS, the relaxed and the strong, the
restricted and unrestricted, including the relaxed to no-policy concept you
guys seem to want.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com



_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
