[ietf-dkim] Re: ISSUE 1521 -- Limit the application of SSP to
unsigned messages
Wietse Venema
wietse at porcupine.org
Thu Jan 24 16:20:11 PST 2008
For the record, one minor correction for sloppy language.
Wietse
Wietse Venema:
> Arvel Hathcock:
> > > No worries. The proposed change is to focus the benefits that SSP
> > > can provide in scenarios as outlined above, not to discourage the
> > > deployment of SSP.
> >
> > Could there be broader agreement on an SSP specification that lays out
> > how to do an SSP lookup but doesn't rigidly mandate where to look or
> > when to look? Instead, the spec would lay out several scenarios as
> > examples; chief amongst those being when signatures do not match the
> > From: domain?
>
> I have been thinking along those lines for the past week or so,
> recognizing that DKIM and SSP results will likely be used together
> with other data points that may get a higher or lower weight
> depending on receiver preferences.
>
> As you recognize, the easiest scenarios are the ones with "valid
> first-hand signature" and "no valid signature". In the former case,
> the DKIM signature provides a data point, in the latter case, SSP.
>
> The scenario with "valid third-party signature" provides two data

This should be: "valid third-party signature only"

> points, one from the DKIM signature and one from SSP. Which of the
> two gets more authority is something that IMHO only the receiver
> can decide; just like the receiver decides on their weight relative
> to any other data points.
>
> This does not change fundamentally when there is more than one
> author. One reasonable approach seems to be to iterate over the list, up
> to some sane upper bound.
>
> Wietse