Hi Frank,
Frank Ellermann wrote:
Stephen Farrell wrote:
I don't think it's too verbose, but I don't understand how it
answers the question I asked ;-)
You want to add a requirement "The protocol MUST...state..."
I wanted you to give me a strawman statement that would meet
that requirement (that you think is reasonable).
LOL, somewhere we're out of sync. AFAIK we're still discussing
the "requirement-02", is that correct ?
Yep.
For the "requirements"
we don't need to go into details about gateways etc., but we can
"require" that the future SSP defines 'DKIM signing complete'
in a way understood by anybody considering to publish some kind
of "I sign everything" policy.
Correct. I was asking because I couldn't envisage a way to really
meet the requirement without having to go into lots of piecemeal
discussions of other protocols that may re-use (related) header
fields.
If however an SSP protocol spec sentence like: "Everything is
signed using the RFC2822-From domain" was specific enough (forget
for now whether it's perfect/ok/plain-wrong or not), then I think
your putative requirement can be handled.
...
A domain claiming to be 'DKIM-signing-complete' has to be sure
that there's some DKIM-signing agent on _all_ routes before one
of their spf2.0/pra PASS or NEUTRAL IPs. Otherwise they screwed
up, causing harm for mails "from" their domain.
I think that last is a fair point. But I'm still not convinced
that it's up to the DKIM WG (now) to figure out all details of
all such gatewaying cases, which is where we'd be heading if we
start on that road.
Not *now*, now we IMO only need a requirement that any future SSP
"I sign everything" has to be very clear about its implications.
Good. So for example, qualifying the statement (in the RFC or using
syntactic means) to restrict it to mean "I sign everything that's
sent out via SMTP with the RFC2822-From domain" or somesuch would meet
the requirement.
No weasel words like "annotation as suspicious".
That's a different topic. But one I suspect that inevitably requires
weasel words.
The longer I think about it the more I feel that this SSP "I sign
everything" could be handled as special application of spf2.0/pra.
It's in essence the same mess. Adding "'I' DKIM-sign everything"
_syntax_ to spf2.0/pra is simple, and maybe the SPF folks will add
this _syntax_ anyway IFF the semantics is clear.
I don't personally know enough to know about that, but I'd be
interested if a bunch of folks felt that way.
So, we've clarified your putative requirement enough now (for me
at least) that I think people can make up their minds as to whether
to accept it or not. (And this is issue#1398 now btw, so we'll be
coming back to decide it thanks to the tracker.)
Cheers,
S.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html