[ietf-dkim] Attempted summary, SSP again

Hallam-Baker, Phillip pbaker at verisign.com
Fri Jan 27 11:07:49 PST 2006 

I suggest that a good way to try to focus the discussion here would be
to abandon the punctuation syntax while we discuss the semantics, work
out what semantics should be there and then decide whether the
punctuation syntax is worth keeping.

I would also suggest that meta discussion, that is discussion about
whether we should be having a discussion on a particular topic cease
unless it comes from the chairs. It is quite reasonable to point out to
a poster that their point has been made and rejected, telling them that
their point should not be debated yet serves no useful purpose.


In my view the design of the policy statement should be based on the
folowing principles:

* It is the exclusive right of the domain name owner to decide 
  how the domain name is used.
	* for the purpose of the spec the domain name owner should 
	  be presumed to be the party that controls the DNS records
	* The domain name owner can decide the importance of edge 
	  cases such as mail that does not pass through the
	  approved gateways.

* A policy record does not modify the semantics of a DKIM digital 
  signature
	* The semantics of the signature are exclusively defined by the
	  DKIM signature header and the referenced key record (or other
	  key distribution/assertion mechanism referenced in the header
	  or key record)

* The purpose of a policy record is to assist a recipient interpret
	the absence of a valid signature record.

* A policy record describes the intended outbound signing policy of 
  the sender.
	SEND = ALWAYS | SOMETIMES{detail} | NEVER SIGN | NEVER SEND

* A policy record may contain additional information to guide
interpetation
  of the absence of a signature, for example that the sender is a 
  frequent target of phishing attack.
	TARGET = PHISHING{detail}

* A policy mechanism may advertise support for specific incident
reporting
  mechanisms in the case that an invalid signature is found.
	REPORT = RID | ...

* A policy mechanism may specify certain characteristics of a valid
signature,
  for example the signature algorithm used &ct.

More information about the ietf-dkim mailing list