ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Re: Issue #1512: Re: making SSP useless in one short step

2007-12-11 12:16:49
On Thu, Dec 06, 2007 at 08:17:09PM -0500, John L wrote:
In that case, what is the SSP result when a message does not contain a
valid Originator Signature, and the Originator Domain has a policy of "all"?

"not compliant"

The whole business about third-party signatures is a DKIM-based
mechanism to decide what to say in that case.  If the verifier sees
another signature that they "like", the result is "not Suspicious".

If the recipient sees another signature it likes, it's not going to do
an SSP lookup at all, so I don't see any value in giving recipients directions for a situation that won't happen.

Sorry to chime into this so late, but I want to make sure I understand.
Given this:

SPP bankofamerica.com p=strict

From: loans(_at_)bankofamerica(_dot_)com
DKIM-Signature: i=(_at_)dkim(_dot_)mit(_dot_)edu
DKIM-Signature: i=(_at_)dkim(_dot_)bankofamerica(_dot_)com
Subject: Get a great rate today!

<body munged by mit that would cause bankofamerica signature to fail>


You'd accept the message?


--
:: Jeff Macdonald | Director of Messaging Technologies
:: e-Dialog | jmacdonald(_at_)e-dialog(_dot_)com
:: 131 Hartwell Ave. | Lexington, MA 02421
:: v: 781-372-1922 | f: 781-863-8118
:: www.e-dialog.com

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html

<Prev in Thread] Current Thread [Next in Thread>