[ietf-dkim] A few SSP axioms
Douglas Otis
dotis at mail-abuse.org
Mon Jul 31 08:12:19 PDT 2006
On Mon, 2006-07-31 at 10:02 -0400, John L wrote:
> If a message has a signature, no amount of SSP can unsign it. It
> might be able to say that a signature is missing, e.g., it's signed by
> your ISP but the SSP says it's supposed to be signed by you, too.

Agreed.

> The other axiom is that any useful SSP statement (again excepting I
> send no mail) contains "all". Statements like "I sign some mail" are
> useless, because they validate any message, signed or not.

This depends. If there is a list of designated signing domains, and an
exception that allows other non-designated domains, then the benefits
might be limited to just the designated domains, where this would be
useful in assuring delivery.

> Statements like "I sign no mail" are useless because recipients will
> already have figured that out when they see no signatures, or else
> your SSP is broken if they do see signatures.

The marginal benefit would be found when dealing with the handling of
invalid signatures. Are they bogus or broken? A policy statement could
short-cut several transactions attempting to deal with these cases.
While there should be no key, the lack of a key could also occur for
other reasons. Being direct seems to have some value.

-Doug