[ietf-dkim] Re: ISSUE: Better definition of "DKIM signing complete" required
mike at mtcc.com
Fri Nov 24 08:47:13 PST 2006
Stephen Farrell wrote:
> Frank Ellermann wrote:
>> As they SHOULD NOT be used on _irregular_ mailing lists. Maybe more
>> cases, we should ask the 'lemonade' folks what they think about this
>> "I (defined by 2822-From) sign everything DKIM-complete" construct.
> Good idea. Do you know who to ask? If so, do so!

Can somebody explain to me what an "irregular" mailing list is?

I'm afraid that some people have a more "composed" idea of SSP than
I do. I think of SSP being two distinct things:

1) An information service provided by a domain which describes what
   it does as mail passes through its infrastructure
2) A mechanism for finding and fetching information provided by the
   service in (1).

I know that we've been talking about rfc2822.from alone with respect to
2 primarily, and that we've been pretty vague about whether the information
service in (1) has anything to do with any other address header. I'm not
convinced that that's right though: our signer at Cisco by policy always
signs messages which correspond to a From: or Sender: or Listid. If
SSP is just an information service, wouldn't it be better to just describe
what we do? There seems to be no particular harm in publishing what
is just a fact.

Whether a receiver wants to find/fetch information related to addresses
is its business alone. We've envisioned From as being the most interesting
one, but it's not clear that that's _always_ the case, and we certainly
can't prevent a receiver from having an "unapproved" opinion about
which addresses it's interested in.

Long and short, my feeling is: SSP publish what it actually does; describe
the mechanism for looking up anything based on an rfc2822 address, and
just give some non-normative guidance about which addresses might be
interesting. Note also: phrasing things this way avoids the tar pit of
that we're "solving phishing", etc.