
Re: [ietf-dkim] Seriously.

2008-01-23 08:01:41
Jon Callas wrote:
1. Perform SSP checks on the domains of all From addresses in the message, with the exception of addresses having valid Author Signatures. If any of the checks result in a Non-Compliant (formerly Suspicious) result, then the message is considered Non-Compliant.

or

2. In the case of multiple From: addresses in the message, and the domain part of one of the addresses matches the domain part of the Sender address, then perform an SSP check on that address unless it has a valid Author Signature. If the Sender header field does not match the domain of one of the From addresses or is missing [violating 2822], revert to alternative #1.

There are some other variations, but I think these are the two main proposals.


But there's also

3. Throw your hands up in the air and let non-DKIM software squint at the message.

I'm expecting that non-DKIM software will "squint at the message" anyway. SSP is an input to that process. By "Throw your hands up in the air," I gather you mean, "the result of the SSP check is indeterminate," and yes, that is an option too. I don't think that's a very good option, because it means that an attacker can defeat SSP simply by adding an additional From address to a message.

-Jim

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
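The two alternatives listed in the message, modelled as an added Python example (not code from the list, from the SSP draft, or from any DKIM implementation). It assumes a constructed policy table standing in for the SSP DNS lookup, and that DKIM verification has already run and produced the set of domains with a valid Author Signature; the sample messages are constructed. It also shows the case the reply warns about: a second From address whose domain publishes no policy, added to a message from a domain whose policy expects all mail to be signed.

```python
"""Model of alternatives #1 and #2 for SSP checks on messages with several From: addresses."""
from email import message_from_string
from email.utils import getaddresses

# Constructed policy table (hypothetical stand-in for the SSP DNS lookup).
# "all"/"strict": the domain states that all its mail carries an Author Signature.
# "unknown": the domain publishes no expectation (the default for absent records).
SSP_POLICY = {
    "bank.example": "all",
    "example.net": "unknown",
}

NON_COMPLIANT = "Non-Compliant"   # formerly "Suspicious"
COMPLIANT = "Compliant"


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower()


def from_addresses(msg):
    # All addresses from every From: header field (RFC 2822 allows several mailboxes).
    return [addr for _, addr in getaddresses(msg.get_all("From", []))]


def sender_domain(msg):
    addrs = [addr for _, addr in getaddresses(msg.get_all("Sender", []))]
    return domain_of(addrs[0]) if addrs else None


def ssp_check(domain, signed_domains):
    """SSP check for one From domain.

    signed_domains: domains for which the verifier already found a valid
    Author Signature (assumed input from a completed DKIM verification).
    """
    if domain in signed_domains:
        return COMPLIANT
    policy = SSP_POLICY.get(domain, "unknown")
    return NON_COMPLIANT if policy in ("all", "strict") else COMPLIANT


def alternative_1(msg, signed_domains):
    """Check every From domain lacking an Author Signature; any failure fails the message."""
    for addr in from_addresses(msg):
        if ssp_check(domain_of(addr), signed_domains) == NON_COMPLIANT:
            return NON_COMPLIANT
    return COMPLIANT


def alternative_2(msg, signed_domains):
    """With several From addresses, check only the one whose domain matches Sender:;
    if Sender: is missing or matches none of them, fall back to alternative #1."""
    from_domains = [domain_of(addr) for addr in from_addresses(msg)]
    sender = sender_domain(msg)
    if len(from_domains) > 1 and sender in from_domains:
        return ssp_check(sender, signed_domains)
    return alternative_1(msg, signed_domains)


def evaluate(raw_message, signed_domains=frozenset()):
    """Return (result under #1, result under #2) for a raw RFC 2822 message."""
    msg = message_from_string(raw_message)
    return alternative_1(msg, signed_domains), alternative_2(msg, signed_domains)


# Constructed sample messages.
MSG_SIGNED = "From: alice@bank.example\nSubject: statement\n\nbody\n"
MSG_EXTRA_FROM_NO_SENDER = (
    "From: alice@bank.example, bob@example.net\nSubject: statement\n\nbody\n"
)
MSG_EXTRA_FROM_WITH_SENDER = (
    "From: alice@bank.example, bob@example.net\n"
    "Sender: bob@example.net\nSubject: statement\n\nbody\n"
)

if __name__ == "__main__":
    print("signed, single From:      ", evaluate(MSG_SIGNED, {"bank.example"}))
    print("unsigned, extra From:     ", evaluate(MSG_EXTRA_FROM_NO_SENDER))
    print("unsigned, extra From+Sndr:", evaluate(MSG_EXTRA_FROM_WITH_SENDER))
```

Run as a script it prints the verdict under each alternative. For the unsigned message with an added From address and no Sender: header, both alternatives return Non-Compliant, because #2 reverts to #1. With a Sender: header naming the policy-less domain, #1 still returns Non-Compliant while #2 returns Compliant, since it only checks the From domain that Sender: points at; that difference is the thing to weigh when choosing between the two proposals.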
