[ietf-dkim] I sign nothing / only only 3rd party / some mail

Hector Santos hsantos at santronics.com
Thu Jul 27 15:50:12 PDT 2006


----- Original Message -----
From: "Paul Hoffman" <phoffman at proper.com>
To: <ietf-dkim at mipassoc.org>
Sent: Thursday, July 27, 2006 2:26 PM
Subject: [ietf-dkim] I sign nothing / only only 3rd party / some mail


> I am completely confused by "I sign nothing" and "I sign only 3rd
> party" and "I sign some mail". I don't see the value of those to the
> recipient.
>
> "I sign nothing" seems weird. If I have something signed by your
> domain, and I cannot get the signing key from your domain, "I sign
> nothing" adds no value. The signature is invalid.

When you have an "Ignore if invalid/error" BASE methodology, the SSP and
DSAP declarations are explicit in telling you what to expect.

> "I sign only 3rd party" has the same attack problem as "I sign nothing".

I don't see the attack problem in "I sign nothing" so...

> "I sign some mail" doesn't tell the recipient anything useful.

Agree.  Relaxed policies will be more abused, as with anything relaxed. But
let's not confuse it with multiple domains where each has a different
policy.  The problem with relaxed policies is when the ratio of abused vs
success gets higher.  So it's fine until it starts getting abused and it
might begin to affect all transactions from the domain.  That might be good
or bad.

> What am I missing?

You are telling the world about what you expect with any purported domain
junk coming their way.  The BASE doesn't help them.  SSP does.

---
HLS



