[ietf-dkim] user level ssp
Damon
deepvoice at gmail.com
Wed Sep 6 11:45:24 PDT 2006
On 9/6/06, Douglas Otis <dotis at mail-abuse.org> wrote:
>
> On Sep 6, 2006, at 10:14 AM, Michael Thomas wrote:
>
> >
> > All of this talk about additional requirements for user level ssp
> > ignores the basic question: should there be any requirements for
> > user level SSP at all? If so, what are the use cases? I'm not
> > terribly convinced that even that has consensus -- this is the
> > first that I even recall the subject being raised.
>
> When a large financial institution wishes to have a specific email-
> address receive added assurances via annotations, then having a means
> to include these addresses within policy satisfies this desire
> without specific arrangements made separately with each verifier.
> The current strategies for financial institutions require an
> assertion that _all_ messages be signed. Not all messages from a
> large domain warrant receiving annotations of added assurances
> however. Having a means to convey which email-address warrants this
> annotation can be accomplished via policy.
>
> Rather than a direct translation into a DNS label, a base32 encoding
> of a SHA-1 hash ensures long local-parts, UTF-8, and subaddress
> symbols can be handled by this scheme. (SHA-256 could be used, but
> there does not seem to be a need for this extreme.)
>
> -Doug
+1
Regards,
Damon Sauer
More information about the ietf-dkim
mailing list