[ietf-dkim] user level ssp
pbaker at verisign.com
Thu Sep 7 09:15:09 PDT 2006
> [mailto:ietf-dkim-bounces at mipassoc.org] On Behalf Of Michael Thomas
> The utility of "I sign some" is not in the policy itself, but in the
> part of the protocol: when you find _any_ valid record, you
> know that you can stop looking for one. Depending on the
> tree walking aspects of the discovery mechanism, this could
> be a useful thing. Maybe it would be better to do this by not
> expressing any policy/practice in the otherwise valid to get
> this functionality so as not to confuse the issue with the
> semantics of "I sign some" which doesn't seem to mean much.
> I have no idea what use "I sign no mail" has.
I suggest that we replace 'I sign no mail' and 'I sign some mail' with 'Undefined'.
A policy mechanism with two values is going to be much easier to administer than one with fve degrees of freedom.
One reason I want to insist on the binary choice here is that I want to encourage publication of the only policy that is useful to a receiver. If you allow for a weasel route you are going to have a hard time getting anyone to go all the way. Its like the problem we have with Draft standard and Standard here in the IETF.
More information about the ietf-dkim