ietf-mailsig

Re: SSP - when to perform

2005-07-30 09:59:49



Arvel Hathcock wrote:


Sorry, just starting this on a new thread:

We need clearer text in the SSP draft citing when a check is required and
when it isn't.  Perhaps this language could clear it up some:

"Sender Signing Policy Checks MUST be based on the Originator Address and
are REQUIRED in the following situations:

a) all unsigned messages MUST perform a Sender Signing Policy Check
b) all signed messages in which there are no verifiable signatures MUST
perform a Sender Signing Policy Check
b) all signed messages which contain a verifiable signature in which the
domain of the signing entity is not the same as or a parent domain of the
Originator Address MUST perform a Sender Signing Policy Check

The second b) misses some situations where the originator and third party happen to be in the same domain, and keys are at a finer level of granularity than the domain.

With the granularity problem fixed, I think the wording that currently exists is correct, but it should be clarified because there seems to be a lot of confusion about this.


-Jim
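The proposed conditions and the granularity gap raised in the reply, as an added example that is not part of the thread or of the SSP draft: a decision function run with and without per-key granularity taken into account. The `Signature` record, its `key_local_part` field (modelling a key restricted to one local-part) and the rule that one first-party verifiable signature exempts a multiply signed message are assumptions of this sketch.

```python
from dataclasses import dataclass
from typing import Optional, Sequence

@dataclass(frozen=True)
class Signature:
    domain: str                           # domain of the signing entity
    verified: bool                        # True if the signature verified
    key_local_part: Optional[str] = None  # assumed: key limited to this local-part;
                                          # None means a domain-wide key

def _split(address: str):
    """Return (local-part, domain), lowercased for comparison."""
    local, _, domain = address.rpartition("@")
    return local.lower(), domain.lower().rstrip(".")

def _same_or_parent(signer_domain: str, originator_domain: str) -> bool:
    """True if signer_domain equals, or is a parent of, originator_domain."""
    signer = signer_domain.lower().rstrip(".")
    # Match on a label boundary so example.com is not a parent of notexample.com.
    return originator_domain == signer or originator_domain.endswith("." + signer)

def ssp_check_required(originator: str, signatures: Sequence[Signature],
                       granular: bool = False) -> bool:
    """Apply the proposed conditions to one message.

    No signatures, or none that verify, always requires the check.
    granular=False follows the proposed wording (domain comparison only).
    granular=True also treats a key restricted to a different local-part
    as third-party, even when the domains match.
    """
    local, domain = _split(originator)
    for sig in signatures:
        if not sig.verified:
            continue
        if not _same_or_parent(sig.domain, domain):
            continue
        if granular and sig.key_local_part not in (None, local):
            continue
        return False  # a verifiable first-party signature is present
    return True

if __name__ == "__main__":
    # Constructed case: alice's per-user key signs mail whose originator is bob.
    sig = [Signature("example.com", True, key_local_part="alice")]
    print(ssp_check_required("bob@example.com", sig))                 # False
    print(ssp_check_required("bob@example.com", sig, granular=True))  # True
```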
