ietf-mailsig

Re: SSP - 3rd party Signers - Definition/Usage

2005-07-28 22:11:32

On July 28, 2005 at 23:34, "Hector Santos" wrote:

> I thought the SSP was part of the key policy.  I naturally thought that is
> where it makes sense on a per KEY basis.

This assumes that the key is "owned" by the OA (Originating Address).

The SSP is what the OA defines, not what the signer defines.  The signer
controls the key, and the signer may not be the OA.

> Why isn't this part of the PER key policy?

It is per domain, not per selector.  I think having it per selector as a
domain override might help address part of this problem.

I would state it this way: Since it is possible to have a key per OA,
why not support per OA SSPs?

Right now the DKIM SSP draft does not allow this, SSP is only defined
at the OA domain level:

  _policy._domainkey.<domain>

Where <domain> is the domain portion of the OA address.  This requires
that all addresses for that domain share the same SSP.

I think it is worth considering supporting something like:

  <local-part>._policy._domainkey.<domain>

along with the domain level SSP, where <local-part> is the local-part
of the OA address.

This may definitely be useful for "affinity"-type domains where each
user may want to establish their own SSP separate from other users.  Also
possibly useful for businesses where some addresses may have more
restrictive SSPs (like for executives) vs other addresses.

--ewh
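The lookup order proposed above (a per-local-part SSP name tried first, falling back to the domain-level `_policy._domainkey.<domain>` name) as an added illustration; this is not code from the message or from any DKIM implementation. The TXT record values and the zone data are constructed placeholders, the `<local-part>._policy._domainkey.<domain>` form is the hypothetical one from the message, and the example assumes that only a local-part that is itself a single valid DNS label gets an override name (a local-part containing "." would otherwise turn into extra labels). It also shows the caveat a verifier would hit: DNS names are case-insensitive, so "CEO@" and "ceo@" select the same override even though mailbox local-parts are not guaranteed to be.

```python
import re

# Constructed sample zone (not real DNS): owner name -> TXT record text.
# The record contents are placeholders standing in for an SSP record.
SAMPLE_TXT_RECORDS = {
    "_policy._domainkey.example.com": "t=y; o=~",      # domain-level SSP
    "ceo._policy._domainkey.example.com": "o=-",       # hypothetical per-address override
}

# One DNS label: 1..63 chars, letters/digits/hyphen, no leading/trailing hyphen.
LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def split_address(addr):
    """Split an OA address into (local-part, domain); domain is lower-cased
    because it is only used to form DNS names."""
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("address must be local-part@domain: %r" % addr)
    return local, domain.lower()


def ssp_candidate_names(addr):
    """Lookup names in priority order: the hypothetical per-local-part
    override first (only when the local-part is a single DNS label),
    then the domain-level name the draft defines."""
    local, domain = split_address(addr)
    names = []
    if LABEL_RE.match(local):
        names.append("%s._policy._domainkey.%s" % (local, domain))
    names.append("_policy._domainkey.%s" % domain)
    return names


def lookup_ssp(addr, resolve):
    """Return (name, record) for the first candidate name that resolves,
    or (None, None) if the domain publishes no SSP at all.  `resolve` is
    any callable mapping a DNS name to a TXT string or None."""
    for name in ssp_candidate_names(addr):
        record = resolve(name)
        if record is not None:
            return name, record
    return None, None


def sample_resolve(name):
    """Stand-in for a DNS TXT query against the constructed zone.  Lower-casing
    mirrors DNS case-insensitivity, which is what makes the override label
    match regardless of how the local-part was capitalised."""
    return SAMPLE_TXT_RECORDS.get(name.lower())


if __name__ == "__main__":
    for addr in ("ceo@example.com", "CEO@example.com", "bob@example.com",
                 "first.last@example.com", "nobody@nowhere.test"):
        print(addr, "->", lookup_ssp(addr, sample_resolve))
```

The override name is only attempted when the local-part survives the label check, so addresses such as `first.last@example.com` silently fall through to the domain-level record; a deployment of this scheme would need a defined encoding for local-parts that are not valid labels, and would have to decide whether case-folding by DNS is acceptable for the policy being published.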
