[ietf-dkim] SSP additional tag?

[Damon]

If I have a domain that my ISP is my MTA then my ISP is my SPF.
In this case, if the message is signed, it is truly specific to me.

And I disagree with the breaking of forwarding...

User A sends a message from the home office in Walla Walla. It is signed by
the home office's MTA and also by the ISP's MTA and is delivered to User B's
MTA. B's MTA checks the DKIM record which shows that I aways sign messages
coming from MTA A's ISP's IP. (or you can take A's ISP out of the mix)-
Works great.

User A then travels to Pasadena and forwards a signed message from the
Holiday Inn. Since the signature is in the header, it is assumed that it is
signed and B's MTA will still check the signature and it will still be good.
Regardless of whether Holiday Inn's MTA also signed the message.

User A then sends a new message from Holiday Inn to user B whose MTA checks
the DNS record which shows that only messages from user A's IP range *must*
be signed. Since it does not all within this range. The message will still
be good.

Regards,
Damon


On 8/2/06, wayne <wayne at schlitt.net> wrote:
>
> In <62146370608020847v2d1e25aak692ab8d1e4711bc3 at mail.gmail.com> Damon <
> deepvoice at gmail.com> writes:
>
> > Such as "I always sign mail from servers on my SPF record or CIDR(s)"
>
> For me, one of the big advantages of DKIM/DK is that it doesn't break
> (as often) on forwarding, which complements SPF which doesn't break
> (as often) on mailing lists.
>
> Maybe I'm missing something, but I'm not sure that specifying the
> source MTA that signs stuff has any real advantage over just using
> SPF.
>
>
> -wayne
> _______________________________________________
> NOTE WELL: This list operates according to
> http://mipassoc.org/dkim/ietf-list-rules.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mipassoc.org/pipermail/ietf-dkim/attachments/20060802/fc86e49c/attachment.html