[ietf-dkim] Delegating responsibility: a make vs. buy design
deepvoice at gmail.com
Thu Aug 17 15:31:48 PDT 2006
On 8/17/06, Wietse Venema <wietse at porcupine.org> wrote:
> Dave Crocker:
> > To explore this approach a bit further, I'm going to wonder about the supposed
> > need for an SSP check when a signature is present.
> > If a signature uses a domain related to the author's domain, then we have
> > no SSP issue. The author's domain is used for assessment. No SSP query need be
> > made.
> [Plus a straightforward DNS-based delegation mechanism so that the
> author's ISP can use a UNIQUE signing domain that relates directly
> to the author's domain]
> > If a signature is not present, THEN an SSP "I sign everything" record might
> > be useful (modulo the problem of surviving mailing list.)
> > If a signature is present, but is not associated with the author's domain,
> > then make the assessment based on the signing domain, not the author's domain.
> > Again, no SSP query is needed.
> > OK. Start shooting...
> I like this. This is very close to what I want: signed mail that
> speaks for itself, whether it's first-party or third-party signed.
> No batteries required.
Sounds good to me. But it's late... :-)
More information about the ietf-dkim