[ietf-dkim] NEW ISSUE: Limit the application of SSP to unsigned
dhc at dcrocker.net
Sun Dec 9 09:04:20 PST 2007
> 2. Unsigned vs. Mismatched Signature
> The original SSP specification applied only to unsigned messages. The current
> version includes mail that is signed but has different domains between the
> DKIM i= attribute and the rfc2822.From field. Presumably, this new capability
> overrides whatever reputation is associated with the message signer.
> If a signer has a good reputation, then why is that not sufficient for
> enabling delivery? In other words, with a signature of a domain with a good
> reputation, what threats is SSP trying to protect against?
To the extent that the above is not sufficiently clear:
All text that causes SSP to be applied to an already-signed message
needs to be removed.
A DKIM signature is a statement of responsibility. When a signature is
present, an organization has taken responsibility for the message.
Reconciling an existing signature against another identity field, such as
rfc2822.From moves the use of DKIM from statements about simple transit
responsibility into assertions of content legitimacy and/or accuracy. This is
out of scope for DKIM.
More information about the ietf-dkim