Dave Crocker wrote:
Michael Thomas wrote:
Dave Crocker wrote:
3. Scope and scale of query traffic
SSP originally was constrained to apply only to unsigned mail. The
current specification applies to unsigned messages *and* signed
messages
where the DKIM i= domain name does not match the rfc2822.From
<addr-spec>
domain. This is a considerable change in the nature -- and
potentially
a considerable change in the amount of query traffic -- that SSP
causes.
This has not changed in years. Maybe you've just become aware of it. And
the problem here remains with unsigned traffic. Third party
signatures are
very rare beasts.
The requirement to have i= match From domain was added between the -02
and -03 versions, sometime during Fall 06 and Winter 07.
On reviewing the working group archive, I have not succeeded in
finding any discussion either of changing the SSP paradigm to apply to
signed message or of the problematic selection of the rfc2822.From
field, rather than rfc2822.Sender field domain.
I recall making a point a number of times in the working group,
verifying that the group agreed that SSP applied (only) to unsigned
messages.
From draft-allman-dkim-ssp-00.txt, dated July 9, 2005, section 1
paragraph 3:
In the absence of a valid DKIM signature on behalf of the "From"
address [RFC2822], the verifier of a message MUST determine whether
messages from a particular sender are expected to be signed, and what
signatures are acceptable.
-Jim
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html