[ietf-dkim] "I sign everything" yes/no
Dave Crocker
dhc at dcrocker.net
Tue Nov 21 15:27:15 PST 2006
J.D. Falk wrote:
> But this message isn't signed (and/or the signature is invalid, which
> base says is the same thing.) How do I find out whether or not the
> First Amalgamated Bank of Example thinks that they sign all of their
> messages? That should be a simple, binary operation, right? I really
> don't care about anything else the sender may want to assert.
Your premise is that you will find it useful to know that First Amalgamated
purports to sign everything. Let's ignore what you will do with that
information; it's your business not ours (and possibly not even First
Amalgamated's.)
The next question is whether there is a rough consensus of folks, here, who
agree with the desire to know this information.
I will ask for one clarification: What do you mean "I really don't care about
anything else the sender may want to assert"? Certainly only the sender -- if,
by sender, you mean FirstAm -- is the only one that can claim that they sign
everything.
> Should that be in SSP? Should it be in something else? Should I
> encourage all of the banks to use a non-standardized external mechanism
> while y'all argue?
Discussion, here, has been about having an SSP flag that lets a potential signer
say "I sign all my mail and my signature matches the rfc2822.From (or maybe
rfc2822.Sender) field domain name."
Would this satisfy the requirement you are offering?
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
More information about the ietf-dkim
mailing list