[ietf-dkim] user level ssp
Michael Thomas
mike at mtcc.com
Thu Sep 7 08:43:15 PDT 2006
Wietse Venema wrote:
>Hallam-Baker, Phillip:
>
>
>>I think it is entirely likely that bigbank.com would have a situation
>>where the mail servers for its east coast offices were adding
>>signatures but the ones for the west coast were not. The part that is
>>less easy to see is whether there is value to the short term fix. It
>>is probably easier to just do the deployment.
>>But it is not certain that this will be the case.
>>
>>
>
>Wietse:
>
>
>>>This hypothetical bank can use the hypothetical "I sign some
>>>of my mail" policy until the DKIM roll-out is complete, and
>>>then transition to the "I sign all my mail" policy.
>>>
>>>A per-user mechanism is not the obvious solution for this problem.
>>>
>>>
>
>Hallam-Baker, Phillip:
>
>
>>What is the difference on the recipient side between 'I sign no
>>mail' and 'I sign some mail'?
>>
>>
>
>I understand that "I sign some of my mail" is equivalent to not
>expressing a signing policy at all, and therefore redundant. I
>don't understand the purpose of 'I sign no mail', but I suspect
>that it is just as useless as "I sign some".
>
>
The utility of "I sign some" is not in the policy itself, but in the
*discovery* part of the protocol: when you find _any_ valid record, you
know that you can stop looking for one. Depending on the tree walking
aspects of the discovery mechanism, this could be a useful thing. Maybe it
would be better to do this by not expressing any policy/practice in the
otherwise valid to get this functionality so as not to confuse the issue
with the semantics of "I sign some" which doesn't seem to mean much.
I have no idea what use "I sign no mail" has.
Mike
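
Added example, not part of the original message or of any DKIM/SSP draft: a toy model of the discovery point above, where any valid record ends an upward tree walk, whatever policy it states. The host names under bigbank.com, the in-memory record table, the policy labels and the walk order are all assumptions made for illustration.

```python
# Toy model of policy discovery by walking up the DNS tree.
# Assumptions (not from the thread): records live in a dict keyed by domain,
# the walk goes from the sending domain toward the root, and it stops before
# the bare TLD. A value of None models a valid record that states no policy.

def discover_policy(domain, records):
    """Return (found, policy, matched_domain, lookups) for `domain`."""
    labels = domain.lower().rstrip(".").split(".")
    lookups = 0
    for i in range(len(labels) - 1):          # never query the bare TLD
        candidate = ".".join(labels[i:])
        lookups += 1
        if candidate in records:              # any valid record ends the walk
            return True, records[candidate], candidate, lookups
    return False, None, None, lookups


SENDER = "mail.west.bigbank.com"              # constructed sample name

# Constructed record sets for the partially deployed bank in the thread.
PARENT_ONLY = {"bigbank.com": "all"}
WITH_SOME = {"bigbank.com": "all", "west.bigbank.com": "some"}
WITH_EMPTY = {"bigbank.com": "all", "west.bigbank.com": None}
NOTHING = {}

if __name__ == "__main__":
    for name, recs in [("parent only", PARENT_ONLY), ("sign some", WITH_SOME),
                       ("no policy stated", WITH_EMPTY), ("no records", NOTHING)]:
        print(name, discover_policy(SENDER, recs))
```

In this model the "sign some" record and the record with no policy stated both stop the walk at west.bigbank.com after two lookups, so the unsigning west coast servers never inherit the parent's "all"; with no record there, the walk continues up to bigbank.com.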