MX dot was (Re: [ietf-dkim] TXT wildcards SSP issues
Damon
deepvoice at gmail.com
Wed Jun 6 06:54:28 PDT 2007
> Damon,
>
> You're right. I meant the NO-MAIL policy in my paragraph below. To me,
> the fundamental "natural laws" for DKIM or any SIGNING concept are:
>
> - I ALWAYS SIGN THIS DOMAIN
>
> - I NEVER SIGN THIS DOMAIN
>
> - SIGNED OR NOT SIGNED, DO NOT EXPECT MAIL FROM THIS DOMAIN -
> WE DON'T USE THIS DOMAIN FOR EMAIL. PERIOD.
>
> - NO ONE BUT MY DOMAIN SIGNS (no 3rd parties)
>
> - OTHERS CAN SIGN (Preferably from an authorized list)
>
> It really has nothing to do with the validity of the signature. The
> mere fact that one of the above may conflict with the domain
> expectations is a protocol violation in itself.
>
> And what is very important, which is what DSAP was all about, they can all
> easily happen naturally in practice directly and indirectly - hence a
> security issue.
>
> --
> Sincerely
>
> Hector Santos, CTO
> http://www.santronics.com
> http://santronics.blogspot.com
Agreed. We are on the same page.
However, does "I sign no mail" mean "I send no mail"?
I don't think it does, but I think this is a source of confusion
because I have seen the terms mixed several times.
Regards,
Damon Sauer