Re: [ietf-dkim] Re: Role of Sender header as signing domain

2006-11-30 04:21:56
On Wed, 29 Nov 2006 13:44:30 -0000, Scott Kitterman <ietf-dkim(_at_)kitterman(_dot_)com> wrote:

> SSP needs an identity to key off of to look up a policy. The agreed identity
> for that is 2822.From for several reasons:

But that is wholly back to front. The SSP policy to look up initially should be that of the domain making the signature. Then you look at the various headers and see which ones match the policy of that domain. And finally, if some of them don't match and your policy module thinks they should, then you can look up the SSPs for some of those too. The case where the domain of the Sender did not match _any_ of the domains in the From might be a case for such additional lookups.

But OTOH suppose the SSP of the signer said:

"We are a list expander and resign all messages because we have corrupted any original signatures, but only after we have checked the validity of those original signatures", then what are you going to do?

Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131     Web:
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5