MX dot was (Re: [ietf-dkim] TXT wildcards SSP issues
dotis at mail-abuse.org
Fri Jun 8 07:04:36 PDT 2007
On Jun 8, 2007, at 2:01 AM, Jon Callas wrote:

> It doesn't change any semantics at all. DKIM-BASE does recommend
> ignoring failures. But the whole point of SSP is to consider the case
> where we don't want to ignore failures. We want a missing/broken/etc.
> signature to have meaning.
>
> The receiver doesn't have to do anything. It can ignore all of DKIM.
> But if it doesn't want to, that's where SSP comes in.
>
> The hack I describe is merely setting up your DKIM parameters so that
> any signature on a message must be erroneous; the receiver then does
> whatever they want, including using SSP.

While that should be possible, it also does not provide an optimal
construct. Exclusions would be possible only as a result of
processing a signature. Providing a method to directly indicate
whether a signature is valid based upon its domain can offer better
protection from subsequent queries or the processing of signatures.
This could also be extended by an authorization scheme where DKIM is
only checked when it is likely to provide a valid result.