[ietf-dkim] 1358 ssp-requirements-01 // DKIM Strict definition needed.
Stephen Farrell
stephen.farrell at cs.tcd.ie
Wed Oct 11 07:08:53 PDT 2006
Doug,
That was agreed to be closed on the jabber session.
No-one spoke against that, so please consider this closed/rejected.
(Eliot - you can close it now, thanks.)
Stephen.
Douglas Otis wrote:
> https://rt.psg.com/Ticket/Display.html?id=1358
>
> Prior to the policy requirements, there were several supporting this
> concept of "strict". There is a need for more than just an assertion
> that "all messages are signed." Making an assertion that "all messages
> are signed" might mean only messages with invalid signatures should be
> introduced by services known to damage signatures. This would be an
> incorrect assumption when dealing with commerce-related transactions
> from heavily phished domains. The need for this added assertion is
> already found in Eric's latest SSP draft.
>
> Two assertions are required when all messages are initially signed.
> Otherwise the partial information of "all messages are signed" may
> induce improper handling. This would be especially true when sources
> known to damage signatures are used to enable exceptions.
>
> To avoid improper handling two assertions must be allowed:
>
> 1) All messages are signed.
> 2) Services that might damage the signature are avoided.
>
> -Doug