ietf-dkim

Re: [ietf-dkim] Update to draft-otis-dkim-tpa-label-04

2010-06-22 16:53:21
On Mon, Jun 21, 2010 at 3:37 PM, Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> wrote:
The following draft has been updated and submitted.  It references the
dkim-mailinglist draft and the APWG Trend report.

Scopes now only indicate what headers must be included by an authorized
third-party service, or as an interim strategy, what path related
elements can be used when DKIM signatures are not offered by the desired
third-party service.

http://www.ietf.org/id/draft-otis-dkim-tpa-label-04.txt
http://www.sonic.net/~dougotis/id/draft-otis-dkim-tpa-label-04.html

Doug, I stopped reading at section 3.2. I think this is too ambitious.
But I want some of this functionality. What I'd like is a draft like
this that doesn't require any DKIM changes. I also don't want it tied
to ADSP. I see an alternate definition of 3rd party. It seems the
definition in this draft doesn't call this a 3rd party:

DKIM-Signature: ... d=foo.example.net
From: bar(_at_)example(_dot_)net

I think some folks say it is.

A simplification of this draft would be:

1) if the signature validates
    a) create a label composed of <d=>._tpa.<author-domain>

So for the above, one would do a DNS lookup at:

foo.example.net._tpa.example.net

if there is a record, there is a stated relationship between
<author-domain> (example.net) and <d=> (foo.example.net).

I'll read the rest of your draft, but I'm wondering if my
simplification would be enough for most folks. IMHO any service that
builds off of DKIM should do something like this. It would reduce the
need for multiple signatures.



-- 
Jeff Macdonald
Ayer, MA

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
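
The simplified check proposed in the message above, sketched as an added example (not code from the draft or from anyone in the thread). It assumes DKIM verification is done elsewhere and passed in as a flag, that DNS is reached through an injected `lookup` callable, and that the function names, sample message and zone data are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr


def signing_domain(dkim_header):
    """Return the d= tag of a DKIM-Signature tag list, lowercased, or None."""
    unfolded = re.sub(r"\s+", "", dkim_header)  # drop folding whitespace
    for tag in unfolded.split(";"):
        name, sep, value = tag.partition("=")
        if sep and name == "d" and value:
            return value.lower().rstrip(".")
    return None


def tpa_query_name(raw_message):
    """Build <d=>._tpa.<author-domain> from a message, or None if either part is missing."""
    msg = message_from_string(raw_message)
    # Assumption: the first DKIM-Signature header is the one that validated.
    d = signing_domain(msg.get("DKIM-Signature", ""))
    addr = parseaddr(msg.get("From", ""))[1]
    if not d or "@" not in addr:
        return None
    author_domain = addr.rpartition("@")[2].lower().rstrip(".")
    return f"{d}._tpa.{author_domain}" if author_domain else None


def stated_relationship(raw_message, signature_valid, lookup):
    """True when the signature validated and a record exists at the _tpa label."""
    if not signature_valid:  # step 1: an unverified d= proves nothing
        return False
    name = tpa_query_name(raw_message)
    return bool(name) and bool(lookup(name))


# Constructed sample message and zone contents, for illustration only.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=foo.example.net; s=sel;\n"
    "\th=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: bar@example.net\n"
    "Subject: test\n\nbody\n"
)
ZONE = {"foo.example.net._tpa.example.net": ["constructed record"]}

if __name__ == "__main__":
    print(tpa_query_name(SAMPLE))
    print(stated_relationship(SAMPLE, True, ZONE.get))
```

The record lives in the author domain's zone, so only the author domain can state the relationship; a verifier that skipped the `signature_valid` gate would accept any message that merely claims the signing domain in `d=`.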
