
Re: [ietf-dkim] RFC4871 5322.From Binding - Proposal to relax it.

2010-09-15 11:22:32


2) We should consider a 5617bis (ADSPbis) to codify its semantics
    regarding Author Domain only signature policies to include a:

    Always sign by *anyone* Policy.

    Currently 5617 (ADSP) defines the two policies:


     all           All mail from the domain is signed with an Author
                   Domain Signature.

     discardable   All mail from the domain is signed with an Author
                   Domain Signature........

Many people felt we were missing the "Signed by Anyone" concept which
did not help "authorized" 3rd party signers or the list servers who
are going to be resigning.  To compensate, many viewed ADSP=ALL to
mean it allowed any signer, not just the Author Domain as defined by
the spec.

So, that would mean that anyone is allowed to spoof my 5322.From address, 
provided that they sign the message, would it? I'm not sure I could think 
of a useful application for that feature.

Perhaps "ADSP=anyof:example.com, example.org..." would make the system more 
useful. Heck, one might even say "anyof:*", if one really wanted.

In fact, this same DKIM API includes ADSP support and it also
interprets ADSP=ALL as an anyone-can-sign concept as long as there is
a valid signature. There is no option in the software to follow
ADSP=ALL exactly how it is defined in 5871.

Since this is an API from a large MTA vendor, I would not ignore this
implementation "data point." If the suggestion is made the software is
"buggy" then we are back to a status quo of non-resolution of
conflicting issues regarding the author domain, 3rd party signers
and/or list servers.

--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com



-- 
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
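To make the difference between these readings concrete, here is an added Python example (not code from the thread, nor from the MTA vendor's API Hector mentions) that evaluates a message's DKIM results against an ADSP record three ways: RFC 5617's literal dkim=all, the looser "signed by anyone" reading, and the "anyof:" list floated above, which is a proposal in this thread and not part of RFC 5617. The DkimResult type, the function names and the domains are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DkimResult:
    """One DKIM signature on a message: its d= domain and whether it verified."""
    sdid: str
    valid: bool


def parse_adsp(record: str) -> dict:
    """Parse an _adsp._domainkey TXT record such as 'dkim=all' into tag/value pairs."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags


def author_domain_signed(author_domain: str, results) -> bool:
    """RFC 5617 Author Domain Signature: a valid signature whose d= equals the 5322.From domain."""
    return any(r.valid and r.sdid.lower() == author_domain.lower() for r in results)


def evaluate(record: str, author_domain: str, results, strict: bool = True) -> str:
    """Return 'pass', 'fail', 'discard' or 'none' for one message.

    strict=True applies RFC 5617 literally; strict=False applies the
    "anyone can sign" reading of dkim=all that the thread describes.
    """
    policy = parse_adsp(record).get("dkim", "unknown")
    if policy == "all":
        ok = author_domain_signed(author_domain, results) if strict \
            else any(r.valid for r in results)
        return "pass" if ok else "fail"
    if policy == "discardable":
        # Under RFC 5617 a missing Author Domain Signature means the message may be discarded.
        return "pass" if author_domain_signed(author_domain, results) else "discard"
    if policy.startswith("anyof:"):
        # Hypothetical syntax from this thread, not RFC 5617: a list of permitted signers, '*' = any.
        allowed = {d.strip() for d in policy[len("anyof:"):].split(",") if d.strip()}
        ok = any(r.valid and ("*" in allowed or r.sdid.lower() in allowed) for r in results)
        return "pass" if ok else "fail"
    return "none"  # dkim=unknown or an unrecognised value: no policy to enforce
```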


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html