Eric Allman wrote:
It sounds like you are arguing that "all" should be "strict" and
"strict" should be eliminated;
as a corollary, no Third Party Signatures should be accepted under any
circumstances. That's a valid argument, but it has nothing to do with
whether the -ssp draft is accurate.
No. Strict seems consistent with the requirements. For "all", the
problem I'm
having is tying the statement "I sign everything" to any other statement,
including "I think that 3rd party signatures are groovy". They are not
inherently
linked, and the SSP draft shouldn't do that. I can very easily say "I
sign everything"
and have no opinion whatsoever about other kinds of signatures.
I note however that -ssp-requirements doesn't seem to cover the Third
Party Signature case at all. Section 2 defines "Third Party
Signature" but then never uses the term. In fact, although the one
line description of Problem Scenario 1 reads "Is All Mail Signed with
DKIM?", and section 4.1 seems to cover the case of a Third Party
Signature (at least, it doesn't mandate a First Party Signature),
sections 2 and 5.3 point 3 define "DKIM Signing Complete" as requiring
a First Party Signature. In short, it appears that -req doesn't
permit third party signatures under any circumstances. I'm not sure
this was the intent of the working group.
It doesn't permit 3rd party signatures for _SSP_ itself. That doesn't
say anything
about third party signatures in general which receivers are perfectly at
liberty to
use or not use as they see fit. I'm pretty sure we've been through this
ad nauseum
about third party signatures with SSP and that the consensus was that we
didn't
want to go there. Look at the archives about whether we needed
enumerated lists
of 3rd party signers for example -- that was rejected.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html