On Wednesday 15 November 2006 14:33, John Glube wrote:
> * When writing the SSP, the working group takes into
> account that there is a group of senders (who mail on
> behalf of others) that follow recommended practices by
> publishing a sender header, who would like to sign the
> sender header, have this signature verified and want to
> protect the domain in the sender header from phishing and
> forgery attacks.

This may be a use case that requires the designated signing domain feature, if
I understand it correctly.

If the message is:

From: marketing@customer.example.com
Sender: listserver@bighip.com

Then without an ability to designate a signing domain, the message would have
to be signed twice (once by each domain) to protect both headers.

With the ability to publish a list, then the message could be signed once with
one domain (the customer domain I would imagine) publishing policy saying
that bighip.com was authorized to sign mail for them.

I'm not sure which approach would be better. Two signatures place a burden on
every receiver whether they care about SSP or not.

Scott K
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
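
Added example, not part of the original message or of any SSP draft: a receiver-side check that reports which signing domain, if any, protects the From and Sender headers of the message above under the two approaches discussed. It assumes the signatures have already verified cryptographically, and the `designated` mapping is a hypothetical stand-in for published policy; no record format is implied.

```python
from email import message_from_string
from email.utils import parseaddr

def sig_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = "".join(val.split())
    return tags

def protection(raw, designated):
    """Return {"From": d= or None, "Sender": d= or None} for one message.

    Assumptions: every DKIM-Signature present has already verified, and
    `designated` is hypothetical policy data {header domain: {authorized d=}}.
    """
    msg = message_from_string(raw)
    sigs = [sig_tags(v) for v in msg.get_all("DKIM-Signature", [])]
    result = {}
    for name in ("From", "Sender"):
        domain = parseaddr(msg.get(name, ""))[1].rpartition("@")[2].lower()
        result[name] = None
        for sig in sigs:
            signed = [h.strip().lower() for h in sig.get("h", "").split(":")]
            d = sig.get("d", "").lower()
            authorized = d == domain or d in designated.get(domain, set())
            # Protected only if the header is listed in h= AND d= may sign for it.
            if domain and name.lower() in signed and authorized:
                result[name] = d
                break
    return result

# Constructed sample messages (placeholder selector, empty bh=/b=).
HEADERS = ("From: marketing@customer.example.com\n"
           "Sender: listserver@bighip.com\n\nbody\n")
SIG = "DKIM-Signature: v=1; a=rsa-sha256; d={d}; s=sel; h=from:sender; bh=; b=\n"
TWO_SIGS = SIG.format(d="customer.example.com") + SIG.format(d="bighip.com") + HEADERS
ONE_SIG = SIG.format(d="bighip.com") + HEADERS

if __name__ == "__main__":
    print(protection(TWO_SIGS, {}))
    print(protection(ONE_SIG, {}))
    print(protection(ONE_SIG, {"customer.example.com": {"bighip.com"}}))
```

With a single bighip.com signature and no designation, only Sender is protected; the designation entry is what extends that one signature to the From domain.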