MX dot was (Re: [ietf-dkim] TXT wildcards SSP issues
jon at callas.org
Fri Jun 8 02:01:32 PDT 2007
On Jun 7, 2007, at 6:06 AM, Hector Santos wrote:

> Jim Fenton wrote:
>> Jon Callas wrote:
>>> In short -- saying "I sign everything" with a non-existent or
>>> bogus key is the same thing as saying, "You'll never see a valid
>>> one of these."
>>
>> But I agree with this statement, which I think is your main point.
>
> Sure, but unless I am missing a changing of philosophy, this goes
> against DKIM-BASE "ignore failures" design.
>
> I was under the impression, the whole point of the SSP layer is to
> give DKIM domains and verifiers some authority to handle the DKIM
> signature expectation violations.
>
> Is that what we want? change the semantics of DKIM-BASE?

It doesn't change any semantics at all. DKIM-BASE does recommend
ignoring failures. But the whole point of SSP is to consider the case
where we don't want to ignore failures. We want a missing/broken/etc.
signature to have meaning.

The receiver doesn't have to do anything. It can ignore all of DKIM.
But if it doesn't want to, that's where SSP comes in.

The hack I describe is merely setting up your DKIM parameters so that
any signature on a message must be erroneous; the receiver then does
whatever they want, including using SSP.