[ietf-dkim] user level ssp

Douglas Otis dotis at mail-abuse.org
Wed Sep 6 14:34:55 PDT 2006


On Sep 6, 2006, at 1:47 PM, J.D. Falk wrote:

> On 2006-09-06 10:45, Hallam-Baker, Phillip wrote:
>
>> The main value I see in user level policy is easing phased  
>> deployment. If you are a bank with 100,000 employees with email  
>> and you want to deploy DKIM you probably want some form of hook  
>> that lets you do it in stages.
>
> So they'll have 100,000 SSP records?
>
> Perhaps there's an easier, more flexible, more scalable hook...like  
> "we don't sign all mail."

The application envisioned would be to limit annotations for
email-addresses where an assurance is desired.  This avoids needing to have
a local-part pre-entered into the address book when this is used as
an annotation filter.  Perhaps these addresses would be accounts@ or
administrator@, and something different later.  Just a simple list
could be used when only a few email-addresses warrant special
annotations.  There is also an ability to use a hash of the
local-part over a domain lookup method to infinitely expand this list, at
the expense of an added DNS transaction.  These records should be
small and short-lived.

Financial institutions would then be able to limit the number of
email-addresses automatically receiving special annotations.  Transactional
messages could by convention use specific email-addresses for these
messages.  The convention in use would be conveyed by the policy
record.  Perhaps Yahoo! could use admin@ or accounts@ addresses to
differentiate staff or transactional messages from those of other
users.  The number of these email-addresses will likely be fairly
limited, and can be limited by convention.

If there is a desire to apply a policy to all but a few
email-addresses, then a hash over domain method in conjunction with a
wildcard offers another solution.

-Doug
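
The lookup order described in this message (a short list in the policy record, then a hashed local-part query, with a wildcard covering "all but a few"), as an added example that is not part of the original post or of any DKIM draft. The `_ssp` label, the `users=` and `annotate=` tags, SHA-1 with base32 for the hash, and the in-memory `ZONE` standing in for DNS are all assumptions.

```python
import base64
import hashlib

def hashed_label(local_part: str) -> str:
    """Fixed-length DNS label for a local-part (SHA-1 + base32 is an assumption)."""
    digest = hashlib.sha1(local_part.lower().encode("utf-8")).digest()
    return base64.b32encode(digest).decode("ascii").lower()  # 32 chars, no padding

# Constructed zone data standing in for DNS. The "_ssp" label and the
# "users=" / "annotate=" tags are hypothetical, not syntax from any draft.
ZONE = {
    # bank.example: short list in the policy record, plus one hashed entry.
    "_ssp.bank.example": "users=accounts,administrator",
    hashed_label("wire-desk") + "._ssp.bank.example": "annotate=yes",
    # shop.example: wildcard covers everyone, hashed records carve out exceptions.
    "*._ssp.shop.example": "annotate=yes",
    hashed_label("newsletter") + "._ssp.shop.example": "annotate=no",
}

def resolve(name: str):
    """Toy resolver: an exact name wins, otherwise try a wildcard at the parent."""
    if name in ZONE:
        return ZONE[name]
    parent = name.split(".", 1)[1]
    return ZONE.get("*." + parent)

def wants_annotation(address: str):
    """Return (annotate?, DNS queries used) for one email-address."""
    local, domain = address.rsplit("@", 1)
    local, domain = local.lower(), domain.lower()  # case folding is an assumption
    base = "_ssp." + domain
    record = resolve(base)  # query 1: the domain's policy record
    if record and record.startswith("users="):
        if local in record[len("users="):].split(","):
            return True, 1
    # query 2: the added DNS transaction for the hashed local-part
    record = resolve(hashed_label(local) + "." + base)
    return record == "annotate=yes", 2

if __name__ == "__main__":
    for addr in ("accounts@bank.example", "wire-desk@bank.example",
                 "jsmith@bank.example", "anyone@shop.example",
                 "newsletter@shop.example"):
        print(addr, wants_annotation(addr))
```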

