[Adding issue number to the subject so we know what we're talking about.]
Michael Thomas wrote:
> mtcc.com SSP: p=strict;
> From: mike(_at_)mtcc(_dot_)com
> DKIM-Signature: i=foo(_at_)hacker(_dot_)com;
> Subject: phish is yummy
>
> If you're going to say that this signature qualifies as acceptable for
> the above SSP record, then you have created a security hole that renders
> SSP utterly useless.

With p=strict and no other Originator Signature present, the message is
indeed Suspicious. If the verifier is following the spec, it is always
Suspicious.

You may have intended to present the example with p=all. In this case,
the message may or may not be Suspicious, at the discretion of the
verifier. This is what is meant by "Verifier acceptable". If the
verifier knows something good about the signer (maybe it's ietf.org
instead of hacker.com), it might decide that the message is not
Suspicious. It's up to the verifier.

So there are three cases:

  p=unknown => message is not Suspicious
  p=all     => message is not Suspicious if an Originator Signature is present
               or another signature is present that is acceptable to the verifier
  p=strict  => message is Suspicious unless an Originator Signature is present

It might be argued that we should allow the verifier to make a decision
based on other criteria in the p=all case. I see SSP as an adjunct to
DKIM, and not other mechanisms, and the [not] Suspicious result as an
input to later stages of filtering, but I'd be interested in the group's
opinion on that.

-Jim
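
The three cases in the message above, written as a small decision function. This is an added example, not part of the original message or of the SSP draft. It assumes DKIM verification has already been done, treats a valid signature whose i= domain equals the From domain as the Originator Signature (a simplification), and uses hypothetical names (`Signature`, `is_suspicious`, `acceptable_signers`).

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Signature:
    identity: str       # value of the i= tag in a DKIM-Signature header
    valid: bool = True  # outcome of DKIM verification (assumed done elsewhere)


def domain_of(address: str) -> str:
    """Return the lower-cased domain of an address or i= identity."""
    return address.rsplit("@", 1)[-1].strip().lower()


def is_suspicious(policy, from_addr, signatures, acceptable_signers=frozenset()):
    """Return True when the message is Suspicious under the given SSP p= value."""
    policy = policy.lower()
    if policy not in ("unknown", "all", "strict"):
        raise ValueError(f"unrecognised SSP policy: {policy!r}")
    if policy == "unknown":
        return False
    valid = [s for s in signatures if s.valid]
    origin = domain_of(from_addr)
    # Assumption: Originator Signature == valid signature from the From domain.
    if any(domain_of(s.identity) == origin for s in valid):
        return False
    if policy == "all":
        # Only p=all lets the verifier accept a signer it knows something good about.
        return not any(domain_of(s.identity) in acceptable_signers for s in valid)
    return True  # p=strict: nothing but an Originator Signature helps


# Constructed sample mirroring the message quoted in the thread.
THIRD_PARTY = [Signature("foo@hacker.com")]

if __name__ == "__main__":
    for p in ("unknown", "all", "strict"):
        print(p, is_suspicious(p, "mike@mtcc.com", THIRD_PARTY))
```
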