ietf-dkim

Re: [ietf-dkim] Re: ISSUE 1521 -- Limit the application of SSP to unsigned messages

2008-01-25 08:27:18
On Thu, 24 Jan 2008 16:18:32 -0000, Dave Crocker <dhc(_at_)dcrocker(_dot_)net> wrote:

> Stephen Farrell wrote:
>> 1521    Limit the application of SSP to unsigned messages    new dkim
>> Nobody    0    dhc(_at_)dcrocker(_dot_)net    9 days ago    9 days ago    0
>>
>> Proposal: REJECT, but some wording changes may be needed for the next rev; the thread is [4]. I mainly saw opposition to the change suggested in the issue, and little support, but some text-clarifying changes were suggested (e.g. [5]).
>>
>> [4] http://mipassoc.org/pipermail/ietf-dkim/2007q4/008424.html
>> [5] http://mipassoc.org/pipermail/ietf-dkim/2007q4/008467.html
>
> Would you please explain the basis for assessing that this topic got sufficient discussion and that there was rough consensus on it?

See above "I mainly saw..."

> Summary of proposal:
>
> All text that causes SSP to be applied to an already-signed message needs to be removed.
>
> I would like to ask folks with an opinion about this proposal to post an explicit note stating support or opposition. Some of the existing posts were about substantive issues in the proposal, but did not clearly indicate support or opposition.

-1 - mainly because the proposal is meaningless.

SSP is applied by verifiers close to the final recipient. We expect messages to be "already-signed" at that point, so you essentially seem to be saying "SSP is NEVER to be applied".

Even if "already-signed" is taken to mean "already-validly-signed", that still leaves open the question "has it been signed by the right people?", and answering that question is the whole point of SSP.

Even if all the From addresses have SSP policies "all" (in which case any valid signature is good enough) you still need to do the SSP lookup in order to establish that fact.

Because, if one of them has SSP=strict, and you fail to look up the SSP, then you will let through messages that the strict domain wanted you to reject.

So the proposal is tantamount to abolishing the 'strict' category entirely. Either that, or it is meaningless.

--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131     Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
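The point about "strict" in the reply above, worked through in code. This is an added example, not code from the thread or from the SSP draft; the policy table, the domain names and the precise meaning of "strict" used here (a valid signature must come from the From domain itself) are assumptions.

```python
# Added example (not from the thread): a minimal model of an SSP-aware
# verifier decision, showing why the lookup cannot be skipped on signed mail.
# Policy names follow the thread ("all", "strict"). Assumed semantics:
#   all    - any valid signature is good enough, unsigned mail is rejected
#   strict - a valid signature must come from the From domain itself
# "unknown" stands for a domain that publishes no policy.

# Constructed policy table standing in for the SSP DNS lookup (assumption).
SSP_POLICIES = {
    "bank.example": "strict",
    "list.example": "all",
}


def lookup_ssp(domain):
    """Stand-in for the SSP query; 'unknown' when nothing is published."""
    return SSP_POLICIES.get(domain, "unknown")


def from_domains(from_header):
    """Domain part of each bare address in a simplified From: header."""
    return [a.strip().rsplit("@", 1)[1].lower() for a in from_header.split(",")]


def ssp_verdict(from_header, valid_signers, do_lookup=True):
    """Return 'accept' or 'reject'.

    valid_signers: d= domains of signatures that verified cryptographically.
    do_lookup=False models the ISSUE 1521 proposal: SSP is not consulted
    when the message already carries a valid signature.
    """
    if valid_signers and not do_lookup:
        return "accept"          # signed, so SSP is never looked at
    for domain in from_domains(from_header):
        policy = lookup_ssp(domain)
        if policy == "all" and not valid_signers:
            return "reject"      # domain says all of its mail is signed
        if policy == "strict" and domain not in valid_signers:
            return "reject"      # third-party signature is not enough
    return "accept"


if __name__ == "__main__":
    # Constructed case: From claims bank.example (strict), but the only valid
    # signature is from a third party. Consulting SSP rejects it; skipping the
    # lookup because the message is "already signed" lets it through.
    print(ssp_verdict("alice@bank.example", {"mailer.example"}))                   # reject
    print(ssp_verdict("alice@bank.example", {"mailer.example"}, do_lookup=False))  # accept
```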
