[ietf-dkim] NEW ISSUE: Limit the application of SSP to unsigned messages

2. Unsigned vs. Mismatched Signature

The original SSP specification applied only to unsigned messages. The current
version includes mail that is signed but has different domains between the
DKIM i= attribute and the rfc2822.From field. Presumably, this new capability
overrides whatever reputation is associated with the message signer.

If a signer has a good reputation, then why is that not sufficient for
enabling delivery?  In other words, with a signature of a domain with a good
reputation, what threats is SSP trying to protect against?


To the extent that the above is not sufficiently clear:

All text that causes SSP to be applied to an already-signed messageneeds to be removed.

A DKIM signature is a statement of responsibility. When a signature ispresent, an organization has taken responsibility for the message.

Reconciling an existing signature against another identity field, such asrfc2822.From moves the use of DKIM from statements about simple transitresponsibility into assertions of content legitimacy and/or accuracy. This isout of scope for DKIM.


d/
--

  Dave Crocker
  Brandenburg InternetWorking
  bbiw.net
_______________________________________________

NOTE WELL: This list operates according tohttp://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

[ietf-dkim] NEW ISSUE: limiting SSP to statements that inform recipient about (potential) signer actions, Dave Crocker

Next by Date:

[ietf-dkim] NEW ISSUE: Discussion of query traffic overhead, Dave Crocker

Previous by Thread:

[ietf-dkim] NEW ISSUE: limiting SSP to statements that inform recipient about (potential) signer actions, Dave Crocker

Next by Thread:

Re: [ietf-dkim] NEW ISSUE: Limit the application of SSP to unsigned messages, Arvel Hathcock

Indexes:

[Date] [Thread] [Top] [All Lists]