Some additional suggestions:
2. Language and Terminology
One thing that was a clear take-away form the recent Interop
event was that we must have a clear definition of "signing identity".
Please consider adding this definition somewhere:
2.x Signing Identity - The "Signing Identity" is the value listed
in the i= tag of a DKIM-Signature header field. If the i= tag is not
present then the "Signing Identity" becomes the @ sign followed by the
domain value taken from the d= tag of the same DKIM-Signature header field.
2.5 Alleged Signer - An "Alleged Signer" is the Signing Identity
claimed within an as-yet unverified DKIM-Signature header.
2.7 I wouldn't call this section "Sender Signing Practices" as this
is the name of the overall document itself. Can this be called "Sender
Signing Practices Record"?
"...which includes information about whether or not that
domain...." -> "...which includes information on whether and how that
domain signs their email." I think it's not necessary to try and
illiterate here all the possibilities (or some of the possibilities)
that can be done with the current draft of SSP.
2.8 Assuming you agree to add my definition of "Signing Identity"
then this could be rewritten like this:
"An "Originator Signature" is any Valid Signature where the
Signing Identity matches the Originator Address. If the Signing Identity
does not include a local-part, then only the domains must match;
otherwise, the Originator Address and the Signing Identity must be
identical.
2.9 Possible rephrasing:
"Messages that do not contain a valid Originator Signature and which
are inconsistent with a Sender Signing Practices check (for example,
messages without a Valid Signature when a Sender Signing Practices
Record advertises an expectation to the contrary) are referred to as
"Suspicious".
2.11 "For the message" -> "for the message"
More to come.
Arvel
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html