[ietf-dkim] Clarification: Requirement #8
deepvoice at gmail.com
Wed Aug 9 08:54:35 PDT 2006
On 8/9/06, Stephen Farrell <stephen.farrell at cs.tcd.ie> wrote:
> Damon wrote:
> > 8. The Protocol is not required to publish a Practice of any/all
> > unreleated third parties that MUST NOT sign on the domain
> > holder's behalf.
> > [INFORMATIVE NOTE: this is essentially saying that the
> > protocol doesn't have to concern itself with being a
> > blacklist repository.]
> > Spelling issue: unreleated = unrelated
> > also
> > This might be a semantics issue, but does this mean that, while it is
> > not required, it is still an option to be able to publish who MUST NOT
> > sign?
> As I read it, it says that the (SSP) protocol MUST NOT have that
> feature. Some other protocol might.
> Personally I think this is right since I can't think of any
> reason why the presence of a signature would in itself be a
> negative. I guess that 5.3, req #9 also more-or-less says this.
> I (and others, I expect) would argue strongly that it would
> be wrong to do otherwise.
> We had a related discussion about whether mail is required to
> be routed directly or not, but that should IMO be separate from
> this and doesn't currently seem to be in the document, which
> again I think is probably correct, though others may differ.
> PS: The above is with chair hat off, of course.
I am thinking that the purpose of the original discussion was to keep
the OA's reputation from being tarnished by the subsequent signers.
Like it or not, the sig is likely going to be tied to reputation
somehow anyway. Are there any thoughts on how to avoid this?
<I have all my hair so no need to wear a hat>