[ietf-dkim] When will there be SSP Requirements-01?

[Douglas Otis]

On Aug 15, 2006, at 7:36 AM, Scott Kitterman wrote:

> It seems like comments have died down on the -00 draft.  Given the  
> number of
> comments/revisions, is an 01 draft planned so we can review that?

There should be an explicit means to differentiate the Bigbank  
scenario from that described as the DKIM Signer Extended scenario.   
There were several comments supporting an ability of policy for  
making this distinction.  The added definition of DKIM Signer  
Extended could be viewed as representing a flag indicating that the  
 From domain is _not_ the target of a phish and uses common email  
services in conjunction with ensuring all initial messages are in  
compliance with the DKIM policy.

To accommodate suitable language for policy to include an  
authoritative list of designated domains, references to First Party  
Signatures should probably be changed to Designed Domain Signatures  
unless clarifying whether the policy lookup is required.

With the use of nominative language throughout, a reference to  
RFC2019 seems appropriate which is normally a few lines added to the  
Definitions section.

It is important being able to declare a state like DKIM Signer  
Complete or DKIM Signer Extended, it also equally important that not  
declaring these states should be a requirement for policy.  In other  
words, these states should not be implied by some other policy  
assertion related to a different feature.  The ability to designate a  
domain should not be impaired by possible delivery issues.  While  
there can be no guarantee how a verifier handles policy, policy  
should at least be able to accurately express common usage.

-Doug