[ietf-dkim] draft-ietf-dkim-ssp-02.txt
Douglas Otis
dotis at mail-abuse.org
Fri Feb 1 15:52:52 PST 2008
On Feb 1, 2008, at 3:18 PM, Hector Santos wrote:
> Douglas Otis wrote:
>> This draft goes to the opposite extreme of the ASP draft and
>> increases the restrictions for "all" compliance as well. This draft
>> indicates _ALL_ messages are to include a signature with an i=
>> parameter that matches that of an identity within the From header. This
>> is not the defined use for RFC 4871.
>> The ASP approach creates fewer corner cases. At least with the ASP
>> draft, any risk of misuse remains within the control of a domain to
>> rectify.
>> IMHO, unless the SSP draft is changed to comply with RFC 4871, the
>> WG should consider adopting the ASP draft instead.
>
> First, I don't agree that SSP did not comply with RFC 4871.
No. RFC 4871 does not comply with SSP.
> Second, I for one am tired of this stuff going on in this WG.
>
> For all intents and purposes this ASP Adaptation is essentially the
> same document, the same copy of SSP with essentially the term
> Originator changed to Author.
I strongly disagree. Please review the differences.
Per ASP:

   2.8. Author Signature

   An "Author Signature" is any Valid Signature where the *signing domain*
   (listed in the "i=" tag if present, otherwise its default value,
   consisting of the value of the "d=" tag) matches the domain of an
   Author Address.

Per SSP:

   2.8. Author Signature

   An "Author Signature" is any Valid Signature where the *identity* of
   the user or agent on behalf of which the message is signed (listed in
   the "i=" tag or its default value from the "d=" tag) matches an
   Author Address in the message.

IMHO, ASP is a far better definition and does not impose changes with
respect to how RFC 4871 might be used.
-Doug
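
The two "Author Signature" definitions quoted in the message above, evaluated side by side; this is an added example, not part of the original post or of either draft. The function names and sample signatures are constructed for illustration, and it assumes the signatures have already verified, that "matches" means a case-insensitive exact comparison of domains, and that an "i=" value with no local-part matches any address in its domain.

```python
# Added example: compares the ASP and SSP "Author Signature" wording quoted above.
# Assumption (not stated in the post): an i= value with an empty local-part
# ("@example.com") matches any author address in that domain under the SSP wording.

def parse_tags(sig):
    """Parse a DKIM-Signature tag list ("v=1; d=example.com; ...") into a dict."""
    tags = {}
    for part in sig.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def signing_identity(tags):
    """Return (local_part, domain) from i=, defaulting to "@" + d= (RFC 4871)."""
    identity = tags.get("i") or "@" + tags["d"]
    local, _, domain = identity.rpartition("@")
    return local, domain.lower()

def split_address(addr):
    local, _, domain = addr.rpartition("@")
    return local, domain.lower()

def asp_author_signature(sig, author):
    """ASP wording: the signing domain matches the domain of the Author Address."""
    _, sig_domain = signing_identity(parse_tags(sig))
    return sig_domain == split_address(author)[1]

def ssp_author_signature(sig, author):
    """SSP wording: the signing identity matches the Author Address itself."""
    sig_local, sig_domain = signing_identity(parse_tags(sig))
    local, domain = split_address(author)
    if sig_domain != domain:
        return False
    return sig_local == "" or sig_local == local  # empty local-part: see assumption

# Constructed sample signatures (already verified; only the relevant tags shown).
AUTHOR = "alice@example.com"
SAMPLES = {
    "no i= tag": "v=1; a=rsa-sha256; d=example.com; s=sel",
    "i= names the author": "v=1; d=example.com; s=sel; i=alice@example.com",
    "i= names another agent": "v=1; d=example.com; s=sel; i=list-server@example.com",
    "signed by another domain": "v=1; d=lists.example.net; s=sel",
}

def compare():
    """Return {case: (is_author_signature_per_ASP, is_author_signature_per_SSP)}."""
    return {name: (asp_author_signature(s, AUTHOR), ssp_author_signature(s, AUTHOR))
            for name, s in SAMPLES.items()}

if __name__ == "__main__":
    for name, (asp, ssp) in compare().items():
        print(f"{name:26} ASP={asp} SSP={ssp}")
```

The only case where the two wordings diverge is a signature whose "i=" names a different user or agent within the author's own domain.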