Douglas Otis wrote:
On Mar 9, 2009, at 8:35 AM, Suresh Ramasubramanian wrote:
If your sole goal in ADSP is "declare that domain x signs all mail"
then there could be a far simpler and more cut down version of ADSP
that'd fit the bill.
Agreed. It should not force double signing, for example.
To wit - the "locked ADSP record" part. And if that's all that is
required .. why then, I don't see why that part of it can't be
shoehorned into the base 4871 spec somehow - perhaps in -bis as a
newly defined tag.
This terminology is from a different draft where "all" was changed to
"CLOSED" and "discardable" to "LOCKED". The DKIM public key is not
directly referenced from the email-address domain, it needs a selector
to be discovered. This policy is to be applied when no signature is
found. There does not seem to be any practical advantage attempting
to overload the DKIM public key record, nor would a signature tag be
that much help.
Let's keep this simple.
From the beginning, there were certain policies that were considered
that I can best summarize with these dialog boxes:
-- SSP --
DOMAIN: __________
(_) NEVER SIGNED
(_) ALWAYS SIGNED
    (_) ME ONLY
    (_) 3RD PARTY LIST [ EDIT LIST ...]
(_) SOMETIMES SIGNED
    (_) ME ONLY
    (_) 3RD PARTY LIST [ EDIT LIST ...]
[ SAVE SSP RECORD ] [ REMOVE SSP RECORD ]
That was deemed too complex, at least the 3rd party portions of it.
So now we have (I think)
-- ADSP --
DOMAIN: __________
(_) ALWAYS SIGNED
    [_] ME ONLY
(_) SOMETIMES SIGNED
    [_] ME ONLY
[ SAVE ADSP RECORD ] [ REMOVE ADSP RECORD ]
Any further reduction is not going to help target the market of
domains that are seeking exclusive DKIM signature usage.
--
Sincerely
Hector Santos
http://www.santronics.com
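
The following is an added example, not part of the original message or of any draft quoted in it. It illustrates the two points made in the thread: the DKIM key can only be located with a selector, while the ADSP record sits at a fixed name under the author domain and is consulted only when no author-domain signature verifies. Record syntax and result names are assumed from RFC 5617; DNS is not queried, and all domains, selectors and signature data are constructed.

```python
# Added example (not from the thread). Syntax and result names assumed from
# RFC 5617; every domain, selector and signature below is constructed.

def key_record_name(selector, sdid):
    """DKIM public key: not discoverable from the domain alone, needs a selector."""
    return f"{selector}._domainkey.{sdid}".lower()

def adsp_record_name(author_domain):
    """ADSP record: fixed name derived only from the From: address domain."""
    return f"_adsp._domainkey.{author_domain}".lower()

def parse_adsp(txt):
    """Return the published practice, or None if the text is not a valid ADSP record."""
    tags = [t.strip() for t in txt.split(";") if t.strip()]
    if not tags:
        return None
    name, _, value = tags[0].partition("=")
    if name.strip() != "dkim":          # the dkim tag must be the first tag
        return None
    value = value.strip().lower()
    # Unrecognised practice values are treated as "unknown".
    return value if value in ("all", "discardable") else "unknown"

def adsp_result(author_domain, signatures, adsp_txt):
    """signatures: list of (d= domain, selector, verified) taken from the message."""
    author = author_domain.lower()
    # A verified signature whose d= equals the From: domain ends the check:
    # the published practice is never consulted.
    if any(ok and d.lower() == author for d, _sel, ok in signatures):
        return "pass"
    practice = parse_adsp(adsp_txt) if adsp_txt else None
    if practice is None:
        return "none"                   # no usable ADSP record published
    return {"all": "fail", "discardable": "discard"}.get(practice, "unknown")

if __name__ == "__main__":
    print(key_record_name("mar2009", "example.com"))
    print(adsp_record_name("example.com"))
    # A valid third-party signature does not satisfy an "all" practice.
    third_party = [("lists.example.net", "s1", True)]
    print(adsp_result("example.com", third_party, "dkim=all"))
```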