[ietf-dkim] New Issue: Applicability of SSP to subdomains
fenton at cisco.com
Thu Dec 7 20:33:13 PST 2006
I'm really confused by your reply. The question is simply, "should it
be possible for an SSP record published by example.com to also apply to
sub.example.com [for any value of sub]". I don't see how it relates to
EAI, annotation, and so forth.
I interpret your response as expressing the position that this should
not be a requirement. Let me know if I have that wrong.
Douglas Otis wrote:
> On Dec 7, 2006, at 2:46 PM, Jim Fenton wrote:
>> I'd like to bring up this topic again, which I raised on November 9
>> and got only a little discussion and didn't make it into the issue
>> tracker. The various drafts that have been proposed for SSP differ
>> substantially in how they address subdomains, and I'd still like to
>> understand whether this is an SSP requirement or not.
> This concern incorrectly assumes protection is afforded as a type of
> prohibition. Such a prohibition fails with respect to EAI, as this
> eliminates reliance upon visual inspection, as well as changing
> headers viewed by the recipient.
> When the protection afforded by DKIM is abased upon an annotation of
> the "recognized" email-addresses "associated" with a valid signature,
> then there is _no_ need to have policy be associated with
> sub-domains. There is also _no_ need to search for policy either.
> Without an "associative" mechanism, the message simply does not
> receive any annotation. Nothing is blocked, but then nothing gets
> annotated either.
> DKIM requires some form of annotation as the signature is invisible by
> design. The "recognition" of the email-address should be based upon
> actual email-addresses comparisons that have been previously retrained
> by the recipient. These retained email-addresses might be in the form
> of an address-book or a DAC compatible list.
> It is hard to imagine chasing 2 million new domains every day. It
> does not matter what policy is required, or what hoops bad actors jump
> through, they will not be limited by these requirements. Just the
> opposite. Nor will reliance upon visual examination offer any
> protection either. Just the opposite. There is a large part of the
> world that does not even use ASCII email-addresses. : )
More information about the ietf-dkim