ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] NEW ISSUE: SSP-02: Policy Scope

2008-02-13 17:01:58


Douglas Otis wrote:

On Feb 13, 2008, at 3:33 PM, Jim Fenton wrote:

Wietse Venema wrote:

Excuse my ignorance, but why limit DKIM (or SSP) to information
that is delivered via SMTP? They can work with any transport that
uses RFCx822 for content and that uses DNS for name resolution.


Interesting idea. In 4871, we do have the s= tag and the DKIM Service Types registry. Perhaps SSP should specify which service type(s) to which the record applies; for completeness we should probably have a way of specifying multiple (service type, policy) groups, although the only service type in the registry now is "email".

Jim,

The service type that could be noted in the key does will not work as there are no defined key locations. The policy scope needs to be within the policy record or reflected in the label used to locate the record.

I'm not depending on the key; I'm simply noting that since there is extensibility of DKIM signatures beyond SMTP and that it may be desirable to have similar extensibility of SSP.

Depending upon the label works well, but then there might be a desire to signal "cease and desist" when there are multiple policies. The "cease and desist" state can be generally defined as the presence of the policy record with the absence of the discovery record.

I don't know what a "discovery record" is. Why can't the practices for these other services be located at the same place? It seems unlikely that we will ever have that many services using RFCx822 for content that we'll run out of record space. Feel free to quote me widely when I'm wrong about that.

-Jim

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html