[ietf-dkim] user level ssp
mike at mtcc.com
Thu Sep 7 08:43:15 PDT 2006
Wietse Venema wrote:
>>I think it is entirely likely that bigbank.com would have a situation
>>where the mail servers for its east coast offices were adding
>>signatures but the ones for the west coast were not. The part that is
>>less easy to see is whether there is value to the short term fix. It
>>is probably easier to just do the deployment.
>>But it is not certain that this will be the case.
>>>This hypothetical bank can use the hypothetical "I sign some
>>>of my mail" policy until the DKIM roll-out is complete, and
>>>then transition to the "I sign all my mail" policy.
>>>A per-user mechanism is not the obvious solution for this problem.
>>What is the difference on the recipient side between 'I sign no
>>mail' and 'I sign some mail'?
>I understand that "I sign some of my mail" is equivalent to not
>expressing a signing policy at all, and therefore redundant. I
>don't understand the purpose of 'I sign no mail', but I suspect
>that it is just as useless as "I sign some".
The utility of "I sign some" is not in the policy itself, but in the
part of the protocol: when you find _any_ valid record, you know that you
can stop looking for one. Depending on the tree walking aspects of the
mechanism, this could be a useful thing. Maybe it would be better to do
this by not
expressing any policy/practice in the otherwise valid to get this
functionality so as
not to confuse the issue with the semantics of "I sign some" which
doesn't seem to
I have no idea what use "I sign no mail" has.
More information about the ietf-dkim