[ietf-dkim] user level ssp
John Levine
johnl at iecc.com
Sat Sep 9 10:19:17 PDT 2006
>> 1 - All mail from this domain is signed (valid).
>>
>> 3 - This domain sends no mail (effectively equivalent to [1]).
>
>I don't think these two are equivalent.
Sigh. Please provide an operational example where a receiver would
treat mail differently. To help things along, here are the cases:
a) Unsigned message from domain arrives. Since there is no valid
signature, there is no relevant key record in the DNS.
b) Signed message from the domain arrives. Since there is a valid
signature, it was verified using a valid key record from the domain's
DNS.
Straightforward case analysis:
1-a: throw message away, it's forged
3-a: throw message away, it's forged
1-b: accept mail with good signature
3-b: accept mail with good signature, perhaps tell domain owner that his
SSP is bogus
R's,
John