[ietf-dkim] Responsibility vs. Validity

Stephen Farrell stephen.farrell at cs.tcd.ie
Wed Nov 28 05:03:27 PST 2007



Jim Fenton wrote:

> If there is consensus that this indeed isn't clear, we could easily add
> verbiage to SSP stating that domains publishing SSP records other than
> "unknown" MUST additionally ensure that they only sign messages
> purporting to come from themselves when the address in the From: header
> field is valid.  That way, we're putting the additional burden on those
> who publish SSP records but are not trying to modify the meaning of RFC
> 4871

I'd wonder how "purporting" and "valid" above would be
strictly defined.

And for any such pair of definitions, I'd then wonder how
I'd check the "MUST" by looking at someone's code.

Do we really want to go there in SSP? (Maybe guidance in
the overview would be better if we want to say anything
about this.)

S.

