Re: SSP - policy location compatibility with DK

Well, this idea won't fly.  My lead developer just mentioned that if DKIM 
and DK share the same policy location you can get into trouble if you are 
signing all messages with DK (or DKIM).

Suppose for example that a site signs all messages with only one of the 
algorithms (DK for example).  A receiver that is DKIM capable would end up 
using the senders DK policy and fail the mail.

That's unacceptable I imagine.

--
Arvel


> ----- Original Message ----- 
> From: "Hector Santos" <hsantos(_at_)santronics(_dot_)com>
> To: "Arvel Hathcock" <arvel(_at_)altn(_dot_)com>; "IETF MASS WG" 
> <ietf-mailsig(_at_)imc(_dot_)org>
> Sent: Thursday, July 28, 2005 12:10 PM
> Subject: Re: SSP - policy location compatibility with DK
>
>
> > ----- Original Message -----
> > From: "Arvel Hathcock" <arvel(_at_)altn(_dot_)com>
> >
> >
> > > I can completely agree that the policy be located where the current SSP
> > > draft states - _policy._domainkey.<domain>.  However, I would like to
> > > propose (no surprise) that there be a "informative implementation note" 
> > > or
> > > whatever the appropriate vehicle is to say something like this:
> > >
> > > "In the event that an SSP record can not be located at
> > > _policy._domainkey.<domain> a verifier SHOULD look for the SSP record at
> > > _domainkey.<domain>."
> >
> > I agree.  One location.
> >
> > Why not just <domain>?
> >
> > --
> > Hector Santos, Santronics Software, Inc.
> > http://www.santronics.com