[ietf-dkim] Re: ISSUE 1521 -- Limit the application of SSP to unsigned messages

Jim Fenton fenton at cisco.com
Thu Jan 24 11:27:42 PST 2008


Wietse Venema wrote:
> Dave Crocker:
>   
>> Stephen Farrell wrote:
>>     
>>>>> 1521    Limit the application of SSP to unsigned messages    new dkim
>>>>> Nobody    0 dhc at dcrocker.net    9 days ago        9 days ago    0
>>>>>           
>>>>> Proposal: REJECT, but some wording changes may be needed for the next 
>>>>> rev, thread is [4] I mainly saw opposition to the change suggested in
>>>>> the issue, and little support, but some text clarifying changes were
>>>>> suggested (e.g. [5]). [4]
>>>>> http://mipassoc.org/pipermail/ietf-dkim/2007q4/008424.html [5]
>>>>> http://mipassoc.org/pipermail/ietf-dkim/2007q4/008467.html
>>>>>           
>>>> Would you please explain the basis for assessing that this topic got 
>>>> sufficient discussion and that there was rough consensus on it?
>>>>         
>>> See above "I mainly saw..."
>>>       
>> Summary of proposal:
>>
>>     
>>> All text that causes SSP to be applied to an already-signed message 
>>> needs to be removed.
>>>       
>
> I would take this further: remove all text that says when to apply
> SSP.  Instead, provide text that states the contribution that SSP
> can make under different conditions:  mail with valid first-party
> signature, mail with valid third-party signature, and mail without
> valid signature.
>   

I mostly agree with Wietse's proposal.  Yes, I'm aware that diverges 
sharply from the current draft.

The original proposal in the issue, "All text that causes SSP to be 
applied to an already-signed message needs to be removed," could be 
interpreted as discouraging the use of SSP anytime there is any valid 
signature on a message.  I certainly read it that way at first, and from 
some of the responses I have seen, others are reading it that way too.

If there's a signature on a message that the verifier trusts 
sufficiently that they're going to treat the message as valid, then 
there isn't a lot of point in retrieving the SSP record.  Note that I 
say "trusts sufficiently" because trust isn't a black-and-white thing; a 
verifier might trust some signatures completely, and accept mail bearing 
those signatures regardless.  Other signatures (e.g., from a mailing 
list) might be trusted enough to accept mail from some domains, but not 
from a domain that is used exclusively for transactional email.  The 
verifier also might use SSP to determine which domains fall into this 
transactional category.  But it's up to the verifier to decide when SSP 
adds value, and retrieve it then.

The current normative language in SSP was an attempt to:

(1) Define SSP in such a way that SSP, taken alone, produces a 
deterministic result, even though it was recognized that the SSP result 
would be combined with other things in determining the ultimate handling 
of the message

(2) Avoid placing a normative dependence on reputation, accreditation, 
and other things that are out of the scope of the WG.  The widely 
misunderstood term "verifier acceptable third-party signature" was a 
subtle nod to reputation, but it seems it was far too subtle.

-Jim


