[ietf-dkim] A few SSP axioms
Michael Thomas
mike at mtcc.com
Tue Aug 1 08:11:49 PDT 2006
Damon wrote:
> I was having this discussion with someone off-list but...
>
> Where I live, I am serviced by only one ISP. I get a discount by
> having my services (business, home, cell, internet, etc) bundled by
> this one provider and they sign all my messages. Choosing another
> provider etc. may not be financially agreeable. I also know that
> there are spammers or bots on this provider that take enjoyment out
> of using my name. So I want to say: Trust my signature but expressly
> distrust my provider's signature if not also signed by me. Both
> messages, mine and the spammer's, are genuine and unchanged, signed by
> my provider, but only my signed messages are valid.
> I see this as a feature.
I think this reduces down to the 1st party scenario: you sign your mail,
and it may in transit collect some other signatures (your ISP). So long as
you have a policy which is, say, "I sign everything", the addition of other
signatures shouldn't cause any trouble -- the policy is about the 1st party,
not the third party.
There has been a suggestion in the past of the desire for a policy for "I sign
everything, don't accept a message with *any* third party signatures". I've
yet to see why anybody would want to set such a policy in real life though.
Mike
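
The two policies discussed in this thread, sketched as an added example that is not part of the original message or of any SSP draft. It assumes the listed DKIM-Signature values have already passed cryptographic verification, that "first party" means the d= tag equals the From domain exactly, and that the policy and result labels, domains and signature values are hypothetical and constructed for illustration.

```python
import re
from email.utils import parseaddr

# Hypothetical labels; the thread names these policies only in prose.
SIGN_ALL = "sign-all"                # "I sign everything"
SIGN_ALL_NO_3P = "sign-all-no-3p"    # "...no *any* third party signatures"

def tag_list(value):
    """Parse a DKIM-Signature tag list ("d=x; s=y") into a dict."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # Folding whitespace inside a value is not significant here.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def classify(from_header, verified_sigs):
    """Split signing domains into (first_party, third_party) sets.

    verified_sigs holds signature values that ALREADY verified
    (assumption: the crypto check happened elsewhere).
    """
    author = parseaddr(from_header)[1].rpartition("@")[2].lower()
    first, third = set(), set()
    for sig in verified_sigs:
        d = tag_list(sig).get("d", "").lower().rstrip(".")
        if d:
            (first if d == author else third).add(d)
    return first, third

def evaluate(policy, from_header, verified_sigs):
    """Return "pass" or "suspicious" for the author domain's policy."""
    first, third = classify(from_header, verified_sigs)
    if not first:
        # The ISP's signature alone never satisfies "I sign everything".
        return "suspicious"
    if policy == SIGN_ALL_NO_3P and third:
        return "suspicious"
    return "pass"

# Constructed sample data: one author signature, one ISP signature.
FROM = "Damon <me@damon.example>"
DAMON_SIG = "v=1; a=rsa-sha256; d=damon.example; s=home; bh=CONSTRUCTED; b=CONSTRUCTED"
ISP_SIG = "v=1; a=rsa-sha256; d=ISP.example;\r\n s=out; bh=CONSTRUCTED; b=CONSTRUCTED"

if __name__ == "__main__":
    for sigs in ([DAMON_SIG, ISP_SIG], [ISP_SIG]):
        print(classify(FROM, sigs), evaluate(SIGN_ALL, FROM, sigs))
```

Under the plain "I sign everything" policy the extra ISP signature changes nothing; only the stricter variant turns a message that picked up a signature in transit into a failure.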