ietf-dkim

Re: [ietf-dkim] NEW ISSUE: SSP-02: Policy Scope

2008-02-20 05:28:20
On Fri, 15 Feb 2008 19:27:29 -0000, Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> wrote:

> On Feb 15, 2008, at 4:50 AM, Charles Lindsey wrote:
>
>> On Thu, 14 Feb 2008 19:08:41 -0000, Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> wrote:
>>
>>> s= Policy Scope (plain-text; OPTIONAL; default is "SMTP").  A colon-
>>
>> No! The default must be '*'.
>
> The concern regarding defaults was addressed in Take #3.  This version
> includes a means to exclude policy.

And indeed Take #3 starts:

s= Policy Scope (plain-text; OPTIONAL; default is "*").

so it seems my point is accepted.

>     *  matches against all unlisted transport protocols
>     !  disavows protocol use
>     -  excludes protocol from policy assertions
>
> I suspect the default should be "s=SMTP" where this would be the same as
> "s=SMTP:-*".  When the domain exchanges no communication whatsoever,
> "s=!*" could be used.  When only SMTP messages are used, then
> "s=SMTP:!*" would make this assertion.

But now you are contradicting yourself. First you say 'default is "*"';  
now you are saying 'I suspect the default should be "s=SMTP"'. Which is it?


>> But you have to make it clear that verifiers can only discern the
>> protocol used by the originating site by careful examination of
>> Received headers (and believable ones at that). So I am still very
>> dubious about adding this feature.
>
> Trace headers cannot be included within DKIM signatures.

Then in that case the whole idea of a protocol parameter in SSP falls flat  
on its face. Because there is no other method, apart from Received  
headers, for telling what was the original protocol used in sending the  
message, and we all know how easy Received headers are to spoof.

So we are back to what Hector is saying. SSP MUST be applicable to any  
message in RFC 2822 format, or any format similar to that (which clearly  
includes News). Because other formats are regularly gated _into_ SMTP  
(often with the removal of headers such as Newsgroups and Path which might  
have indicated their origin). So sites that publish  
strict/discardable/whatever policies will just have to be careful.

-- 
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131                       
   Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
