At 3:44 PM -0400 8/18/06, Hector Santos wrote:
----- Original Message -----
From: "Paul Hoffman" <phoffman(_at_)proper(_dot_)com>
It sounds like what you and few other people want is an
SSP policy that says "if you receive a message that is
supposedly from this site (for some definition of "from")
and it doesn't have the mark that says that XYZ is
authorized to sign the message, assume the message
is forged". Is that a correct summary of the requirement you see?
If that is what the OA domain (FROM) declares, sure.
Good. Glad we can have a shorter description.
But first he has to first declare he allows others to sign.
Why? To me, the above requirement makes sense even for someone who is
going to sign their own messages.
It can be relaxed (unrestricted), so you also can allow for an open-ended
3rd party signer policy which is what you guys want.
If by "you guys" you mean DAC, it would be nice if you didn't put
words in our mouths. To be specific, DAC hasn't made any statements
on SSP because there is nothing to make statements on yet.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html