[ietf-dkim] Re: ISSUE 1521 -- Limit the application of SSP to
chl at clerew.man.ac.uk
Fri Jan 25 07:18:17 PST 2008
On Thu, 24 Jan 2008 16:18:32 -0000, Dave Crocker <dhc at dcrocker.net> wrote:
> Stephen Farrell wrote:
>>>> 1521 Limit the application of SSP to unsigned messages new dkim
>>>> Nobody 0 dhc at dcrocker.net 9 days ago 9 days ago 0
>>>> Proposal: REJECT, but some wording changes may be needed for the next
>>>> rev, thread is  I mainly saw opposition to the change suggested in
>>>> the issue, and little support, but some text clarifying changes were
>>>> suggested (e.g. ). 
>>>> http://mipassoc.org/pipermail/ietf-dkim/2007q4/008424.html 
>>> Would you please explain the basis for assessing that this topic got
>>> sufficient discussion and that there was rough consensus on it?
>> See above "I mainly saw..."
> Summary of proposal:
>> All text that causes SSP to be applied to an already-signed message
>> needs to be removed.
> I would like to ask folks with an opinion about this proposal to post an
> explicit note stating support or opposition. Some of the existing posts
> were about substantive issues in the proposal, but did not clearly
> indicate support or opposition.
-1 - mainly because the proposal is meaningless.
SSP is applied by verifiers close to the final recipient. We expect
messages to be "already-signed" at the point, so you essentially seem to
be saying "SSP is NEVER to be applied".
Even if "already-signed" is taken to mean "already-validly-signed", that
still leaves open the question "has it been signed by the right people?",
and answering that question is the whole point of SSP.
Even if all the From addresses have SSP policies "all" (in which case any
valid signature is good enough) you still need to do the SSP lookup in
order to establish that fact.
Because, if one of them has SSP=strict, and you fail to lookup the SSP,
then you will let through messages that the strict-domain wanted to you
So the proposal is tantamount to abolishing the 'strict' category
entirely. Either that, or it is meaningless.
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
More information about the ietf-dkim