[ietf-dkim] Re: 3rd party signing
hsantos at santronics.com
Mon Jul 31 13:09:32 PDT 2006
----- Original Message -----
From: "Dave Crocker" <dhc at dcrocker.net>
To: <Bill.Oxley at cox.com>
> There is a pretty substantial history that says that Internet
> protocols succeed when they are simple and precise and that
> their core semantics carry little or no opportunity for
> making semantic choices.
I agree, and in my view, SSP and DSAP is consistent with this old school
mentality but with a renewed focus not to play down the obvious for the sake
of unrestricted usefulness which in the old days, the problems were
That doesn't apply today with an high alertness of security and abusive
nature of email broadcasting.
SSP/DSAP addresses the unprotected semantics of the DKIM-BASE protocol.
The problem seems to be that these DKIM-BASE defined semantics do not need
Overall, the DKIM-BASE protocol consistency questions will be:
o Does the domain ever distribute mail?
o Do you expect the mail to be unsigned?
o Do you expect to sign all mail?
o Is your domain the exclusive signer?
o Are 3rd party signers or signatures allowed?
o Are 3rd party signers allowed to strip your original signatures?
These are basic fundamental signature authorization considerations that are
lacking in the core DKIM protocol message signature methodology.
Hector Santos, Santronics Software, Inc.
More information about the ietf-dkim