On Feb 1, 2008, at 3:18 PM, Hector Santos wrote:
Douglas Otis wrote:
This draft goes to the opposite extreme of the ASP draft and
increases the restrictions for "all" compliance as well. This draft
indicates _ALL_ messages are to include a signature with an i=
parameter matches that of an identity within the From header. This
is not the defined use for RFC 4871.
The ASP approach creates fewer corner cases. At least with the ASP
draft, any risk of misuse remains within the control of a domain to
rectify.
IMHO, unless the SSP draft is changed to comply with RFC 4871, the
WG should consider adopting the ASP draft instead.
First, I don't agree that SSP did not comply with RFC 4871.
No. RFC 4871 does not comply with SSP.
Second, I for one am tired of this stuff going on in this WG.
For all intent and purposes this ASP Adaptation is essentially the
same document, the same copy of SSP with essentially the term
Originator changed to Author.
I strongly disagree. Please review the differences.
Per ASP:
2.8. Author Signature
An "Author Signature" is any Valid Signature where the *signing
domain*
(listed in the "i=" tag if present, otherwise its default value,
consisting of the value of the "d=" tag) matches the domain of an
Author Address.
Per SSP:
2.8. Author Signature
An "Author Signature" is any Valid Signature where the *identity* of
the user or agent on behalf of which the message is signed (listed in
the "i=" tag or its default value from the "d=" tag) matches an
Author Address in the message.
IMHO, ASP is a far better definition and does not impose changes with
respect to how RFC 4871 might be used.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html