[ietf-dkim] draft-ietf-dkim-ssp-02.txt ASP/SSP section 2.8
stephen.farrell at cs.tcd.ie
Mon Feb 11 05:13:49 PST 2008
If you (or Hector, or whoever) have suggested changes for ssp-02 please
raise an issue, including suggested new text and we can process that.
Charles Lindsey wrote:
> On Fri, 08 Feb 2008 19:15:15 -0000, Eric Allman <eric+dkim at sendmail.org>
>> You say some things about the Evaluator that lead me to believe that
>> you've got a different idea of what it should be than I do. You say:
>>> So to me the idea of an Evaluator would be first a fundamental
>>> protocol consistency Evaluator that would be part of the DKIM/SSP
>>> framework across all supportive/compliant systems. It would be
>>> 100% independent from any subjective or heuristics or reputation
>>> analysis or any one group detecting their questionable inherent
>>> policies or implementations methods.
>> This is the inverse of the model in my head, where the Evaluator is
>> completely /dependent/ on "subjective or heuristics or reputation
>> analysis" --- it is, in short, how the receiver decides how to process
>> the message. Indeed, the point of introducing the concept is an
>> attempt to make explicit what is out of scope for normative definition
>> in the SSP spec.
> I think Hector's model (AIUI) is nearer what I want.
> Call it a "DKIM Evaluator". Its function is to examine all the available
> signatures (including the precise forms of their tags), to compare them
> with the various From, Sender, Whatever-Else headers that one would
> expect to be matched by those signatures, and to report where that
> matching is deficient having regard to the SSP policies and their
> severities appropriate to those headers.
> Armed with this "DKIM evaluation report", the verifier now knows how the
> sender(s) would like their messages to be treated. On top of this, the
> verifier can also consider other evidence in its possession, its
> clients' preferences and its own internal policies and then proceed as
> it sees fit. But that process should be called the "Local Evaluator",
> and should not be described in the SSP document beyond a mention that it
> will likely exists. But the "DKIM evaluator" can and should be fully
More information about the ietf-dkim