[ietf-dkim] Re: New Issue: SSP Restrictive Policies
Recommendationfor an RFC 4871 update
Frank Ellermann
nobody at xyzzy.claranet.de
Thu Jan 3 07:37:34 PST 2008
Hector Santos wrote:
> 1. If a valid Originator Signature exists, the message is not
> Suspicious, and the algorithm terminates.
> This means that the signature was verified via DKIM-BASE. It
> also means the DKIM key record was obtained and all information
> points to a 1st party signature.
Okay, I got it: You are talking about cases with a signature
that turns out to be invalid (checking DKIM). What I had in
mind was a missing (or garbage) signature, where the receiver
never checked DKIM. Yes, for your cases it accelerates SSP.
> In both cases, we short circuit the need to do a SSP discovery
> by adding an optional DKIM-BASE SSP= tag option to DKIM-BASE
> key records.
Now I don't see how "3rd party signature present" can accelerate
SSP for a missing 1st party signature, but that's no problem, I
only need to understand one case where your accelerator works ;-)
Thanks,
Frank
More information about the ietf-dkim
mailing list