From: Stephen Farrell [mailto:stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie]
Hi Phill,
Is that "exceptions" stuff a requirement that's been
discussed before? I don't recall it anyway.
It sounds a bit of an edge case, though, so I wonder if
there's broad support for that feature?

It's not so much a requirement as an attempt to demonstrate that the only thing
that the SSP policy need actually include is the statement 'A message always
contains at least n signatures'. I have already demonstrated that this works
fine for values of n from 1 to 5+.
What the exceptions stuff is intended to demonstrate is that we can catch the
edge cases as well, IF WE DECIDE WE NEED TO and address the case where n is
usually 1 or more but in certain exceptions n is zero.
My personal view is that this is not necessary and violates the 95/5% rule.
However I note that there are people who appear to be arguing that use cases of
this type are important. What I want to show is that we can have an
exceptionally simple policy record AND strong policy and that this model may be
extended IF NECESSARY to meet a very large number of edge cases.
Furthermore the 'simple but strong' approach makes a good case for the DKIM
record to be regarded as the master policy record for email since the policy
statement is vastly simpler and cleaner than SPF. All the policy record states
here is the set of security policies that are implemented for outbound mail. We
have no esoteric syntax, no bangs, apostrophes, percent signs or stuff.
This is a policy record that is simple and clean enough that it is easy to see
how it can be extended to serve other protocols. Given the metasyntax for the
inbound policy I can pretty much guess what the outbound policy statement would
be for typical configurations (e.g. SSL).
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html