ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Tracing SSP's paradigm change

2007-12-06 12:22:02

On Dec 6, 2007, at 9:29 AM, Michael Thomas wrote:
The specific issue is whether *any* DKIM signature from *any* domain should be sufficient to qualify for "strict" or "all".

Do you agree with that or not?

This question appears to miss the point. When examining the domain of the From, a valid signature by that domain on behalf of _any_ header should be sufficient to comply with a "strict" assertion. The only exception need would be for restricted keys. As Originating Signature is defined, this is not the case.

Dave's comment was about DKIM offering evidence of a domain's responsibility. This concept has been missed by the current definition for Originator Signature. Messages that are not signed or signed by different domains would be a separate issue. The "all" assertion requires _at least a valid_ signature acceptable to the verifier. At least the definition for "all" is correctly at the domain.

-Doug
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html