ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] What is your view on these three SSP topics?

2008-01-22 04:17:16
from [Charles Lindsey] [Permanent Link]
On Tue, 22 Jan 2008 02:32:28 -0000, Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> wrote:
As SSP is currently defined, a restricted or unrestricted key must be on-behalf-of the From header to be compliant with SSP "strict".
1) To be SSP "strict" or "all" compliant, the identity associated with a signature: 

a) must match an email-address within the From header.

+1
b) must match an email-address associated an entity introducing the message contained within the following headers: 

    From, Sender, Resent-From, Resent-Sender.

+1


c) may not match with any header and may not be defined.

+0
d) may not match with any header and may not be defined except for SSP "strict" which is limited to not being defined or matching the first email-address within the From. (as currently defined) 
-1

Add:
  e) Each entity with a "strict" or "all" SSP within the following headers
      From, Sender, Resent-From, Resent-Sender
  must be matched by an associated signature (if, in some complicated case,
  this requires the presence of several signatures, then so be it).
+2



2) SSP references should be done for:

a) Only the first From email-address. (as currently defined)

-1


b) All From email-addresses.

+1

Add:
  bb) All From email-addresses PLUS the Sender address, if any
+2
c) More than one From email-address is not be SSP compliant and is to be considered to produce an invalid signature. 
-1
d) More than two From addresses is not be SSP compliant and is to be considered to produce an invalid signature. When two From addresses are used, both domains should be checked for SSP compliance. 
-1



3) Keys restricted by a g= parameter are treated as valid and are:
a) SSP "all" or "strict" compliant only when on-behalf-of a From header email-address. 
+1

Add:
  a) SSP "all" or "strict" compliant only when on-behalf-of a From, Sender,
  Resent-From or Resent-Sender header email address.
+2
b) SSP "all" or "strict" compliant regardless of the identity signed on-behalf-of. 
-1
c) SSP "strict" compliant only when on-behalf-of the first From header email-address. (as currently defined) 
-1

--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131     Web: http://www.cs.man.ac.uk/~chl 
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [ietf-dkim] ISSUE 1525 -- Clarification about posting by first Author, John L
Next by Date:  [ietf-dkim] Re: Seriously., Frank Ellermann
Previous by Thread:  [ietf-dkim] What is your view on these three SSP topics?, Douglas Otis
Next by Thread:  RE: [ietf-dkim] What is your view on these three SSP topics?, Siegel, Ellen
Indexes:  [Date] [Thread] [Top] [All Lists]