ietf-dkim

Re: [ietf-dkim] NEW ISSUE: Limit the application of SSP to unsigned messages

2007-12-10 02:44:34
Dave Crocker wrote:

2. Unsigned vs. Mismatched Signature

The original SSP specification applied only to unsigned messages. The
current version includes mail that is signed but has different domains
between the DKIM i= attribute and the rfc2822.From field. Presumably,
this new capability overrides whatever reputation is associated with
the message signer.

If a signer has a good reputation, then why is that not sufficient for
enabling delivery?  In other words, with a signature of a domain with
a good reputation, what threats is SSP trying to protect against?

To the extent that the above is not sufficiently clear:

     All text that causes SSP to be applied to an already-signed
     message needs to be removed.

A DKIM signature is a statement of responsibility.  When a signature
is present, an organization has taken responsibility for the message.

Reconciling an existing signature against another identity field, such
as rfc2822.From, moves the use of DKIM from statements about simple
transit responsibility into assertions of content legitimacy and/or
accuracy. This is out of scope for DKIM.

d/

While I don't agree with Dave's proposal, I do think there may be a
problem with the text.  In particular I am concerned about mailing list
software that breaks signatures and re-signs.  Dave's concern is over the
definition of the message originator.  If a reputation check of some
form is done on a valid signature and found to be positive, I see no
reason to continue the SSP process.  On the other hand, if the
reputation check returns neutral or negative, that could open a gaping
hole into the specification, by avoiding checks that would have
otherwise been performed that would have led to "suspicious".

Eliot
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
