[ietf-dkim] When will there be SSP Requirements-01?
dotis at mail-abuse.org
Tue Aug 15 10:54:28 PDT 2006
On Aug 15, 2006, at 7:36 AM, Scott Kitterman wrote:
> It seems like comments have died down on the -00 draft. Given the
> number of
> comments/revisions, is an 01 draft planned so we can review that?
There should be an explicit means to differentiate the Bigbank
scenario from that described as the DKIM Signer Extended scenario.
There were several comments supporting an ability of policy for
making this distinction. The added definition of DKIM Signer
Extended could be viewed as representing a flag indicating that the
From domain is _not_ the target of a phish and uses common email
services in conjunction with ensuring all initial messages are in
compliance with the DKIM policy.
To accommodate suitable language for policy to include an
authoritative list of designated domains, references to First Party
Signatures should probably be changed to Designed Domain Signatures
unless clarifying whether the policy lookup is required.
With the use of nominative language throughout, a reference to
RFC2019 seems appropriate which is normally a few lines added to the
It is important being able to declare a state like DKIM Signer
Complete or DKIM Signer Extended, it also equally important that not
declaring these states should be a requirement for policy. In other
words, these states should not be implied by some other policy
assertion related to a different feature. The ability to designate a
domain should not be impaired by possible delivery issues. While
there can be no guarantee how a verifier handles policy, policy
should at least be able to accurately express common usage.
More information about the ietf-dkim