ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] user level ssp

2006-09-07 08:55:02
Wietse Venema wrote:

Hallam-Baker, Phillip:
I think it is entirely likely that bigbank.com would have a situation where the mail servers for its east coast offices were adding signatures but the ones for the west coast were not. The part that is less easy to see is whether there is value to the short term fix. It is probably easier to just do the deployment.
But it is not certain that this will be the case.

Wietse:
This hypothetical bank can use the hypothetical "I sign some of my mail" policy until the DKIM roll-out is complete, and then transition to the "I sign all my mail" policy.
A per-user mechanism is not the obvious solution for this problem.

Hallam-Baker, Phillip:
What is the difference on the recipient side between 'I sign no
mail' and 'I sign some mail'?

I understand that "I sign some of my mail" is equivalent to not
expressing a signing policy at all, and therefore redundant.  I
don't understand the purpose of 'I sign no mail', but I suspect
that it is just as useless as "I sign some".
The utility of "I sign some" is not in the policy itself, but in the *discovery*
part of the protocol: when you find _any_ valid record, you know that you
can stop looking for one. Depending on the tree walking aspects of the discovery mechanism, this could be a useful thing. Maybe it would be better to do this by not expressing any policy/practice in the otherwise valid to get this functionality so as not to confuse the issue with the semantics of "I sign some" which doesn't seem to
mean much.

I have no idea what use "I sign no mail" has.

      Mike
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>