On Fri, 16 Oct 2009, Ian Eiloart wrote:
(Incidentally, anyone have a better name for this policy?)
"dkim=all" If you read ADSP in conjunction with section 3.1 of RFC 5016,
then "dkim=all" means exactly that: "Domain Alice provides information that
it signs all outgoing mail, but places no expectation on whether it will
arrive with an intact first party signature."
You're endorsing the Thomas interpretation, here.
I'd just note that the following, from RFC 5617, section B.1:
# In this situation, it might be appropriate to publish an ADSP record
# for the domain containing "all", depending on whether the users also
# send mail through other paths that do not apply an Author Domain
# Signature. Such paths could include MTAs at hotels or hotspot
# networks used by travelling users, web sites that provide "mail an
# article" features, user messages sent through mailing lists, or
# third-party mail clients that support multiple user identities.
... seems to endorse the Levine interpretation. "user messages sent
through mailing lists" is explicitly listed as a contraindication to
an "all" policy.
But whatever, we may need a straw poll followed by a clarification RFC,
to settle once and for all whether Levine or Thomas is canon.
My leaning is that Levine is more faithful to the RFCs as published, but
Thomas would be more useful. I favor my "except-mlist" as a third option,
allowing us to gain the benefits of Thomas while yielding to Levine.
---- Michael Deutschmann <michael(_at_)talamasca(_dot_)ocis(_dot_)net>
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html