There remains some disagreement on whether the "informative note"
contained in the last paragraph of the text I proposed on March 27
should appear in the ADSP draft. The note said:
Informative Note: ADSP is incompatible with DKIM signing by parent
domains described in section 3.8 of [RFC4871] in which a signer uses
"i=" to assert that a parent domain is signing for a subdomain.
This would replace the Note in draft-ietf-dkim-ssp-09, section 2.7.
Thus far, I feel it should be included and John Levine and Dave Crocker
feel it shouldn't. May we have guidance from others in the Working
Group, please?
[> ]
I think it may be the "incompatible" that's causing the disagreement. ADSP is
not incompatible with that signing configuration, it would just require that a
second signature be added.
Maybe something more like the following?
"ADSP should not be used for domains that use "i=" values to enable a parent
domain to sign for a subdomain (as described in section 3.8 of [RFC4871])
unless an additional signature where the "d=" domain matches the "i=" domain is
added."
Ellen
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html