ietf-dkim

Re: [ietf-dkim] ISSUE: SSP-01 Unnecessary constraint on i= when asserting "strict"

2007-12-05 14:53:30
On Wednesday 05 December 2007 13:36, Douglas Otis wrote:
> A domain wishing to protect their transactional mail may decide to
> publish "strict" to limit the acceptance of "non-compliant" messages.
>
> Compliance now requires the i= to not include a localpart, or for the
> localpart to match with the From header.
>
> This unnecessary requirement may produce "false positive" detections
> of bad acts when the signing domain uses i= as intended in the base draft,
> which is to indicate on whose behalf the message was signed.
>
> Options to mitigate "false positives" would be to:
>
>   1- Exclude the i= parameter
>   2- Add another signature specifically signing the From as well

Since the signer is controlled by the same entity, option 3 would be: don't
send messages where i= doesn't match what's in From.

Scott K
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
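
The i=/From rule discussed in this thread, as an added example that is not part of either poster's message or of the SSP draft: a check that reads d= and i= from a DKIM-Signature value and compares i= with the From address. The function names and sample headers are hypothetical; it assumes the From domain must equal the i= domain, skips quoted-printable decoding of the i= localpart, and does not verify the signature itself.

```python
import re
from email.utils import parseaddr

def parse_tags(sig_value):
    """Split a DKIM-Signature header value into a {tag: value} dict."""
    tags = {}
    for part in sig_value.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", value)  # drop folding whitespace
    return tags

def strict_identity_check(sig_value, from_header):
    """Apply the i=/From rule from the thread; returns 'compliant' or a reason."""
    tags = parse_tags(sig_value)
    d = tags.get("d", "").lower()
    if not d:
        return "no d= tag"
    identity = tags.get("i", "@" + d)  # RFC 4871: i= defaults to "@" + d=
    i_local, _, i_domain = identity.rpartition("@")
    i_domain = i_domain.lower()
    if i_domain != d and not i_domain.endswith("." + d):
        return "i= domain is not d= or a subdomain of it"
    _, addr = parseaddr(from_header)
    f_local, _, f_domain = addr.rpartition("@")
    if f_domain.lower() != i_domain:  # assumption: domains must match too
        return "From domain differs from i= domain"
    if i_local and i_local != f_local:  # empty localpart: domain match suffices
        return "i= localpart differs from From localpart"
    return "compliant"

# Constructed sample signature (bh=/b= are placeholders, nothing is verified).
BASE = "v=1; a=rsa-sha256; d=example.com; s=sel1; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER"
FROM = "Alice <alice@example.com>"

if __name__ == "__main__":
    for label, sig in [
        ("no i= (option 1)", BASE),
        ("i=@example.com", BASE + "; i=@example.com"),
        ("i= matches From", BASE + "; i=alice@example.com"),
        ("i= names another identity", BASE + "; i=billing-system@example.com"),
    ]:
        print(f"{label:28} -> {strict_identity_check(sig, FROM)}")
```

The last case is the one the quoted message calls a "false positive": the signature is from the right domain, but i= names an identity other than the From address.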