John Levine wrote:
>> I will state <LOUDLY> that without the ability to handle 3rd party
>> signing statements, SSP is useless to me.</LOUDLY>
> You know that hasn't been in any of the drafts, don't you?
I have no idea what you are thinking John, but all the POLICY I-D
drafts, starting with the original SSP-00, the derivative DSAP, and the
updated SSP-01, all had information regarding 3rd party signing
expectations and controls.
Starting with SSP-00, it had the explicit policies:
o=~ NEUTRAL (signature optional, 3rd party allowed)
o=- STRONG (signature required, 3rd party allowed)
o=! EXCLUSIVE (signature required, no 3rd party)
o=. NEVER or NOMAIL (no mail expected)
o=^ USER
o=? WEAK (signature optional, no third party, PROPOSED)
Quite often, some of the best ideas are the initial ones!!
With all the discussions, a derivative draft called DSAP was written
focusing on the security and protocol consistency of DKIM:
From the viewpoint of the verifier, when a message is received, there
are two basic pieces of signature information to be of interest when
analyzing the transaction:
   o Original Party Signatures (OP)
      * never expected
      * always expected
      * optional
   o 3rd Party Signatures (3P)
      * never expected
      * always expected
      * optional
When the two signature types are combined, the possible policies are
listed in the following table:
+=================================================================+
| op= | 3p= | Domain Policy Semantics |
|=================================================================|
| empty | empty | No mail expected |
|-----------------------------------------------------------------|
| never | never | No signing expected |
| never | always | Only 3P signing expected |
| never | optional | Only 3P signing optional |
|-----------------------------------------------------------------|
| always | never | OP signature expected |
| always | always | Both parties expected |
| always | optional | OP expected, 3P may sign |
|-----------------------------------------------------------------|
| optional | never | Only OP signing expected |
| optional | always | OP expected, 3P expected |
| optional | optional | Both parties may sign. |
+-----------------------------------------------------------------+
These cover all possibilities from what could be expected.
SSP-01 was written and reduced/folded its policies to include:
DKIM=STRICT
which specifically targets unexpected 3rd party signatures.
--
Sincerely
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
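
The op=/3p= table in the message above, worked through as an added example (not code from the post or from any of the drafts). Assumptions: the record is written as "op=...; 3p=...", a signature counts as original party when its d= domain equals the From: domain, and every DKIM-Signature header present has already been verified. All function names and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: author domain example.com, signed only by a list host.
SAMPLE = (
    "From: Alice <alice@example.com>\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=lists.example.net; s=k1;\n"
    " h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "Subject: test\n\nbody\n"
)

def parse_policy(record):
    """Parse 'op=always; 3p=never' (assumed syntax); a missing tag is 'empty'."""
    tags = dict(re.findall(r"\b(op|3p)\s*=\s*(\w*)", record.lower()))
    return {k: tags.get(k) or "empty" for k in ("op", "3p")}

def signer_domains(msg):
    """Split the d= domains of DKIM-Signature headers into OP and 3P sets."""
    author = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    op, third = set(), set()
    for sig in msg.get_all("DKIM-Signature", []):
        m = re.search(r"(?:^|;)\s*d\s*=\s*([^;\s]+)", sig)
        if m:
            d = m.group(1).lower()
            # Assumption: OP means the signing domain equals the From: domain.
            (op if d == author else third).add(d)
    return op, third

def check(record, raw_message):
    """Return the list of policy violations for one message (empty = consistent)."""
    policy = parse_policy(record)
    if policy == {"op": "empty", "3p": "empty"}:
        return ["no mail expected from this domain"]
    op, third = signer_domains(message_from_string(raw_message))
    findings = []
    for tag, label, present in (("op", "original party", bool(op)),
                                ("3p", "3rd party", bool(third))):
        expect = policy[tag]
        # 'optional' (and a single empty tag, by assumption) adds no constraint.
        if expect == "always" and not present:
            findings.append(f"{label} signature expected but missing")
        elif expect == "never" and present:
            findings.append(f"unexpected {label} signature")
    return findings

if __name__ == "__main__":
    for rec in ("op=always; 3p=never", "op=never; 3p=always", ""):
        print(repr(rec), "->", check(rec, SAMPLE))
```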