[ietf-dkim] Re: Attempted summary, SSP again
nobody at xyzzy.claranet.de
Fri Jan 27 05:21:56 PST 2006
John Levine wrote:
> I'm increasingly getting the impression that we don't really
> understand the semantics of SSP. If a domain uses SSP to say
> that it signs everything, and a message from that domain has
> both the domain's signature and someone else's, is that OK?
> I can easily imagine interpretations of SSP that would go
> either way.
I'd guess OK. The problem is the first figure in Jim's draft,
it doesn't directly indicate that mediators have to check the
SSP before they add their signature.
Indirectly it is clear, Jim's figure is actually for the case
MON -> MRN. For a mediator = ( MRN + MON ) the figure has to
be doubled: MON -> ( MRN + MON ) -> MRN.
So in the case of a mediator it's _first_ "ceck signature", if
valid check SSP, and _then_ afterwards maybe add own signature.
For the WEAK idea it needs to "check SSP" even if there is no
More information about the ietf-dkim