ietf-dkim

Re: [ietf-dkim] NEW ISSUE: Policies Required to close security threats

2008-02-12 04:11:57
On Tue, 12 Feb 2008 01:06:42 -0000, Hector Santos <hsantos(_at_)santronics(_dot_)com> wrote:

I recommend the following changes/new text for section 3.3. SSP Record Syntax:

3.3.  SSP Record Syntax

  dkim=  Outbound signing practices for the domain (plain-text;
         REQUIRED).  Possible values are as follows:

     unknown

        Any domain may sign none, some, or all email.



     optional

        Only the Author Domain may sign none, some, or all email.


No Way!

Signers and SSP publishers CANNOT dictate who else may or may not add signatures as the message propagates further. It is just not the business of SSP to state that. List expanders, for example, can be expected to add their signatures as a matter of routine.

If what you are trying to say is what signers to whom you have outsourced your mail sending may or may not do (which is one - but only one - meaning of "3rd party signing"), then that is fine, but that is NOT what you have written.

What SSP CAN do is to state how subsequent signatures are to be handled by checkers/evaluators/verifiers/whatever.

For example, the true effect of the "Discardable" option is to tell verifiers that "we recommend you to ignore any signatures other than our own when deciding how to dispose of these messages". In fact, the semantics of "Discardable" should probably be specified in that way.

--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131     Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
