On Feb 22, 2008, at 5:00 AM, Charles Lindsey wrote:
On Fri, 22 Feb 2008 01:00:47 -0000, Douglas Otis <dotis(_at_)mail-abuse.org> wrote:
On Feb 21, 2008, at 4:01 AM, Charles Lindsey wrote:
But if they publish "s=SMTP" and something leaves their domain via
UUCP/NNTP/whatever-else, then they are saying it is OK not to be
signed.
When messages enter into infrastructure supporting messages
normally carried by SMTP, then the policy defined for SMTP should
be used. This may block messages from other transports integrated
into SMTP related infrastructure. When NNTP messages never touch
SMTP infrastructure, and the policy scope is s=SMTP, then NNTP
messages are excluded from assertions of being signed. This
default would create less astonishment, and not affect NNTP
messages that are handled separately from those related to SMTP.
I can think of nothing more astonishing to the readers of some
newsgroup and of its associated mailing lists than to have some
messages propagating freely within the newsgroup but not being
visible within the mailing list.
Regardless of the scope parameter, SSP policy will potentially create
a problem for messages introduced into SMTP. Limitation of such
abilities is a completely separate issue. Nevertheless SSP policy
scope would be able to establish explicit requirements at protocol
bridges, and within the separate protocol itself, through assertions
such as:
1) Both NNTP and SMTP are "all" signed
2) SMTP is "all" signed, excluding NNTP from the "all" signed assertion
3) Use of NNTP is disavowed by the domain.
4) Use of SMTP and NNTP are disavowed by the domain.
The more you try to justify this "s=" tag, the deeper into the pit
you dig yourself. It is evident to me that the whole idea is utterly
indefensible.
There is nothing wrong with declaring SSP policy as pertaining to
messages handled by SMTP related protocols and could be defined as
such. The "s=" tag could also allow a domain to forgo NNTP to
ensure NNTP messages are not passed into SMTP as being from their
domain, such as "s=SMTP:!*" to where all different message protocols
are disavowed. Perhaps the most useful declaration would be for
existing domains containing address records, but that wish to disavow
use of even SMTP. "s=!*" would avoid subsequent queries for key
records referenced from the domain, and prevent the continuation of
queries into the parent domain. "s=*!" would be more effective than
an invalid signature and an "all" or "repudiate-able" assertion.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html