MX dot was (Re: [ietf-dkim] TXT wildcards SSP issues)
deepvoice at gmail.com
Wed Jun 6 06:54:28 PDT 2007
> You're right. I meant the NO-MAIL policy in my paragraph below. To me,
> the fundamental "natural laws" for DKIM or any SIGNING concept is:
> - I ALWAYS SIGN THIS DOMAIN
> - I NEVER SIGN THIS DOMAIN
> - SIGNED OR NOT SIGNED, DO NOT EXPECT MAIL FROM THIS DOMAIN -
> WE DON'T USE THIS DOMAIN FOR EMAIL. PERIOD.
> - NO ONE BUT MY DOMAIN SIGNS (no 3rd parties)
> - OTHERS CAN SIGN (Preferably from an authorized list)
> It really has nothing to do with the validity of the signature. The
> mere fact that one of the above may conflict with the domain
> expectations is a protocol violation in itself.
> And what is very important, which is what DSAP was all about, they can all
> easily happen naturally in practice directly and indirectly - hence a
> security issue.
> Hector Santos, CTO
Agreed. We are on the same page.
However, does "I sign no mail" mean "I send no mail"?
I don't think it does, but I think this is a source of confusion
because I have seen the terms mixed several times.