-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org [mailto:ietf-dkim-
bounces(_at_)mipassoc(_dot_)org] On Behalf Of J D Falk
Hector wrote:
The fallacy in the "common use case" opinion stated above is that it
has
limited insight and is based on the idea that a most domains may
wish
to
be part of a 3rd party Bulk mailer system or will part of a prior
3rd
party agreement or have a inherent TOS with 3rd party signers.
That's not quite what we had in mind. As I see it, 3rd party signing
is
only acceptable when the domain owner wants to permit it -- so if
there's no agreement, the entire discussion of 3rd party signing is
irrelevant. This is more or less your argument, too, so we probably
just need to tighten the wording of that paragraph so that it's clear
that it means what we both want it to mean.
3rd party signing is acceptable as long as the domain owner doesn't
explicitly forbid it by publishing a policy to that effect. Some domain
owners may be willing to leave the decision to their individual account
owners rather than enforce a domain wide policy one way or the other.
3rd party signing is one of the important flexibilities of DKIM: any
party (or parties) can take responsibility for a message. It seems a
shame to just toss that out because it's potentially exploitable.
I'm not cool with replacing an "out of scope" statement at the tail
end
of an appendix with normative demands of specific verifier behavior,
however.
+1
Ellen
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html