-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Jun 7, 2007, at 6:06 AM, Hector Santos wrote:

> Jim Fenton wrote:
>> Jon Callas wrote:
>>> In short -- saying "I sign everything" with a non-existent or
>>> bogus key is the same thing as saying, "You'll never see a valid
>>> one of these."
>>
>> But I agree with this statement, which I think is your main point.
>
> Sure, but unless I am missing a changing of philosophy, this goes
> against DKIM-BASE "ignore failures" design.
>
> I was under the impression, the whole point of the SSP layer is to
> give DKIM domains and verifiers some authority to handle the DKIM
> signature expectation violations.
>
> Is that what we want? change the semantics of DKIM-BASE?

It doesn't change any semantics at all. DKIM-BASE does recommend
ignoring failures. But the whole point of SSP is to consider the case
where we don't want to ignore failures. We want a missing/broken/etc.
signature to have meaning.

The receiver doesn't have to do anything. It can ignore all of DKIM.
But if it doesn't want to, that's where SSP comes in.

The hack I describe is merely setting up your DKIM parameters so that
any signature on a message must be erroneous; the receiver then does
whatever they want, including using SSP.

Jon
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.6.1
Charset: US-ASCII
wj8DBQFGaRrosTedWZOD3gYRAp5oAKDWQHU/vC8MBjQJDOrV8oxjpj+7fgCcDMgz
UvCfaRQjnFTE/8+qAgmR+wA=
=Dswf
-----END PGP SIGNATURE-----
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html