ietf-dkim

Re: [ietf-dkim] Issue #1533: strict vs. integrated

2007-12-13 01:06:48
Dave Crocker wrote:


 strict  All mail from the domain is signed; messages lacking a
         valid Originator Signature MUST be considered Suspicious.  The
         domain does not expect to send messages through agents that may
         modify and re-sign messages.

This value appears to conflate three separate issues:

   1. All mail with this domain in the From field will be signed by
      that domain.

   2. No mail with this domain in the From field will be sent via
      mailing lists or other Mediators (re-posting services.)

Strict does conflate these two.  RFC5016 refers to "practices" (whether
or not the domain is "DKIM Signing Complete", i.e., signs all its mail)
and "expectations" (whether a verifiable author signature should be
expected).  This leads to four combinations, one of which doesn't make
sense (Signing Incomplete but expect a signature anyway).  The other
three are Unknown, All, and Strict.

   3. The owner of this domain considers non-delivery (including due to
      broken signature) preferable over delivery of messages with this
      domain in the From field, but lacking a valid signature with this
      domain in the i= parameter.

This is entirely separate from Strict; it's the handling flag, either
Process or Deny.  There has been some discussion as to whether Deny
makes sense with anything other than Strict (and whether Strict makes
sense with any handling other than Deny), but the draft is written with
the process flag independent.

At a minimum, the document should have text that considers the range
of mail practices, such that this particular configuration of behaviors
and needs is only one of the set. That way, there is a serious context
for assessing the choice to have this particular, single flag, as
representing a particular multi-attribute set.

Would this be the discussion requested in issue #1527?

In terms of terminology choice, a more semantically useful label might
be something like "integrated".  Many scenarios could be "strict", so
that the choice, here, does not convey much specific meaning.  I suggest
"integrated" because I believe the flag applies to scenarios in which
all aspects of the sender's email content and operations are tightly
integrated.

I'd be interested in your opinion given that the label is not, in fact,
"integrated".

-Jim
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
