ietf-dkim

Re: [ietf-dkim] Next steps for draft-ietf-dkim-ssp

2008-12-30 14:23:29


-----Original Message-----
From: John L [mailto:johnl(_at_)iecc(_dot_)com]
Sent: Tuesday, December 30, 2008 1:44 PM
To: MH Michael Hammer (5304)
Cc: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: RE: [ietf-dkim] Next steps for draft-ietf-dkim-ssp

It's when the signature matches the From: address.  Shouldn't be too
hard to say it again.

Wouldn't the better (correct) way to state this be:

It's when the signing domain (d=) and signature matches the From:
address domain.

That's what I think, but the current draft has the i= override the d= so
if the From: is a@b.com, the signature is d=b.com i=z@b.com, then as
currently spec'ed, that doesn't match.


This goes back to all the long drawn out discussions when it was changed
from "Sender Signing Policy" to "Author Domain Signing Policy". If we
start talking about the Right hand side then we aren't talking domains
but addresses. 

I was originally in favor of a broader scope for "SSP" that would have
gone beyond just the From: address domain to include other signers. The
narrower scope met what I perceive as the needs of heavily phished
brands so I was comfortable going with the narrower scope. 

The i= override doesn't make sense to me if the intent of ADSP is
signing by author domains. I thought this was why we ended up going with
"all" and "discardable" conceptually. 

Is there anyone on the list that would realistically plan on
implementing/publishing ADSP using an "i=" override? If so, could they
explain the logic and necessity of doing so? What is the anticipated
benefit?

Mike

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
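
The two matching rules discussed in the message above, side by side, as an added example that is not part of the original post or of the draft. It assumes the signature has already been verified, uses constructed header values built from the thread's a@b.com / z@b.com addresses, and treats an i= with an empty local part as a domain-only match (an assumption).

```python
from email.utils import parseaddr

def parse_tags(sig_value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in sig_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags["".join(name.split())] = "".join(value.split())
    return tags

def split_addr(addr):
    """Return (local-part, lowercased domain); the local part may be empty."""
    local, _, domain = addr.rpartition("@")
    return local, domain.lower()

def d_rule(from_header, sig_value):
    """Rule proposed in the thread: d= must equal the From: address domain."""
    _, from_domain = split_addr(parseaddr(from_header)[1])
    return bool(from_domain) and parse_tags(sig_value).get("d", "").lower() == from_domain

def i_rule(from_header, sig_value):
    """Draft behaviour as described in the thread: i= overrides d=."""
    tags = parse_tags(sig_value)
    from_local, from_domain = split_addr(parseaddr(from_header)[1])
    # RFC 4871: when i= is absent it defaults to "@" followed by the d= value.
    i_local, i_domain = split_addr(tags.get("i") or "@" + tags.get("d", ""))
    if not from_domain or i_domain != from_domain:
        return False
    # Assumption: an i= with an empty local part matches on domain alone.
    return i_local == "" or i_local == from_local

# Constructed headers (not real signatures); bh= and b= are placeholders.
FROM = "Author <a@b.com>"
SIG_I = "v=1; a=rsa-sha256; d=b.com; s=sel; i=z@b.com; h=from; bh=PLACEHOLDER; b=PLACEHOLDER"
SIG_NO_I = "v=1; a=rsa-sha256; d=b.com; s=sel; h=from; bh=PLACEHOLDER; b=PLACEHOLDER"

if __name__ == "__main__":
    for label, sig in (("i=z@b.com", SIG_I), ("no i=", SIG_NO_I)):
        print(label, "d-rule:", d_rule(FROM, sig), "i-rule:", i_rule(FROM, sig))
```

With i=z@b.com the same signature passes the d= rule and fails the i= rule, which is the mismatch the thread is arguing about.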
