[ietf-dkim] A proposal for restructuring SSP
Bill.Oxley at cox.com
Mon Jan 28 12:45:27 PST 2008
OFFLIST,
Checked with the man who would actually do the typing or script writing.
It would be a major project, as each domain (200k+) needs an entry pointing
to the shared key. Lot of work at this point, so we will wait for the
spec to stabilize, vendors to build an SSP-compliant checker, then offer
it as an enhanced premium.
Thanks,
Bill Oxley
Messaging Engineer
Cox Communications
404-847-6397
-----Original Message-----
From: ietf-dkim-bounces at mipassoc.org
[mailto:ietf-dkim-bounces at mipassoc.org] On Behalf Of Wietse Venema
Sent: Sunday, January 27, 2008 11:10 AM
To: ietf-dkim at mipassoc.org
Subject: Re: [ietf-dkim] A proposal for restructuring SSP
Bill.Oxley at cox.com:
> business customers who have no clue on how to manage DNS or do
> DKIM which rather slows adoption rates. Without this the only
> people doing DKIM will be the spammers (most of my currently signed
> mail is from spammers) and large phished entities like PayPal.
> Now since I have a speaking relationship with PayPal I don't need
> to use SSP for them.
Bill,
While time leaks away in disagreements on even simple things, may
I show an example of how one DKIM private key could be used to provide
valid first-party signatures for multiple domains.
- Implement DNS DKIM records as CNAMEs to records that are shared
by multiple domains, instead of giving each domain its own. You
could share the same record with all domains, but don't have to.
- Store the private key's NAME in the n= field of the real DKIM
records, so the signing software can figure out which private key
to use. Or find some other way to clue in the signing software.
- Sign with d=customerdomain, instead of d=providerdomain.
By signing with a first-party signature, the verifier's job simplifies
greatly. But doing so also isolates that domain's DKIM reputation
from the DKIM reputations of other domains, for better or worse.
Wietse
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
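
The three steps in the quoted message, sketched as an added example (not code from this thread or from any DKIM implementation): it generates one shared key record plus a CNAME per customer domain, then performs the lookup a verifier would do for d=customerdomain. The selector `s2008`, `provider.example`, the key name `pool-a`, the customer domains and the `p=` placeholder are all constructed assumptions.

```python
import re

SELECTOR = "s2008"                      # constructed selector
PROVIDER = "provider.example"           # constructed provider domain
SHARED = f"{SELECTOR}._domainkey.{PROVIDER}."
# Constructed shared key record; p= is a placeholder, n= names the private key.
SHARED_TXT = "v=DKIM1; k=rsa; n=pool-a; p=<BASE64_PUBLIC_KEY>"

LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def clean_domain(name):
    """Lower-case and validate a customer domain before it reaches a zone file."""
    name = name.strip().rstrip(".").lower()
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2 or not all(LABEL.fullmatch(l) for l in labels):
        raise ValueError(f"refusing to emit record for {name!r}")
    return name

def build_zone(customers):
    """Map owner name -> (type, rdata): one shared TXT plus one CNAME per customer."""
    zone = {SHARED: ("TXT", SHARED_TXT)}
    for c in customers:
        zone[f"{SELECTOR}._domainkey.{clean_domain(c)}."] = ("CNAME", SHARED)
    return zone

def lookup_key(zone, d, s, max_hops=8):
    """What a verifier does for d=/s=: query s._domainkey.d, chasing CNAMEs."""
    owner = f"{s}._domainkey.{d}."
    for _ in range(max_hops):
        rtype, rdata = zone[owner]
        if rtype == "TXT":
            return dict(t.strip().split("=", 1) for t in rdata.split(";") if t.strip())
        owner = rdata
    raise LookupError("CNAME chain too long")

def zone_lines(zone):
    """Render the records in zone-file syntax, TXT rdata quoted."""
    return [f'{o} IN {t} "{r}"' if t == "TXT" else f"{o} IN {t} {r}"
            for o, (t, r) in sorted(zone.items())]

if __name__ == "__main__":
    zone = build_zone(["customer-a.example", "Customer-B.example"])
    print("\n".join(zone_lines(zone)))
    tags = lookup_key(zone, "customer-b.example", SELECTOR)
    print("sign with d=customer-b.example using private key", tags["n"])
```

The validation in `clean_domain` matters when the customer list is large and comes from a provisioning system: a name containing whitespace or a newline would otherwise inject extra records into the generated zone.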