[ietf-dkim] user level ssp
johnl at iecc.com
Sat Sep 9 10:19:17 PDT 2006
>> 1 - All mail from this domain is signed (valid).
>> 3 - This domain sends no mail (effectively equivalent to ).
>I don't think these two are equivalent.
Sigh. Please provide an operational example where a receiver would
treat mail differently. To help things along, here are the cases:
a) Unsigned message from domain arrives. Since there is no valid
signature, there is no relevant key record in the DNS.
b) Signed message from the domain arrives. Since there is a valid
signature, it was verified using a valid key record from the domain's
Straightforward case analysis:
1-a: throw message away, it's forged
3-a: throw message away, it's forged
1-b: accept mail with good signature
3-b: accept mail with good signature, perhaps tell domain owner that his
SSP is bogus