On Wed, 29 Nov 2006 13:44:30 -0000, Scott Kitterman
<ietf-dkim(_at_)kitterman(_dot_)com> wrote:
> SSP needs an identity to key off of to look up a policy. The agreed identity
> for that is 2822.From for several reasons:

But that is wholly back to front. The SSP policy to look up initially
should be that of the domain making the signature. Then you look at the
various headers and see which ones match the policy of that domain. And
finally, if some of them don't match and your policy module thinks they
should, then you can look up the SSPs for some of those too. The case
where the domain of the Sender did not match _any_ of the domains in the
From might be a case for such additional lookups.

But OTOH suppose the SSP of the signer said:
"We are a list expander and re-sign all messages because we have corrupted
any original signatures, but only after we have checked the validity of
those original signatures", then what are you going to do?
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5