Wietse Venema wrote:
Hallam-Baker, Phillip:
I think it is entirely likely that bigbank.com would have a situation
where the mail servers for its east coast offices were adding
signatures but the ones for the west coast were not. The part that is
less easy to see is whether there is value to the short term fix. It
is probably easier to just do the deployment.
But it is not certain that this will be the case.
Wietse:
This hypothetical bank can use the hypothetical "I sign some
of my mail" policy until the DKIM roll-out is complete, and
then transition to the "I sign all my mail" policy.
A per-user mechanism is not the obvious solution for this problem.
Hallam-Baker, Phillip:
What is the difference on the recipient side between 'I sign no
mail' and 'I sign some mail'?
I understand that "I sign some of my mail" is equivalent to not
expressing a signing policy at all, and therefore redundant. I
don't understand the purpose of 'I sign no mail', but I suspect
that it is just as useless as "I sign some".
The utility of "I sign some" is not in the policy itself, but in the
*discovery*
part of the protocol: when you find _any_ valid record, you know that you
can stop looking for one. Depending on the tree walking aspects of the
discovery
mechanism, this could be a useful thing. Maybe it would be better to do
this by not
expressing any policy/practice in the otherwise valid to get this
functionality so as
not to confuse the issue with the semantics of "I sign some" which
doesn't seem to
mean much.
I have no idea what use "I sign no mail" has.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html