[ietf-dkim] NEW ISSUE: Security Threat: Unexpected
mike at mtcc.com
Wed Feb 13 06:05:24 PST 2008
John Levine wrote:
>> That's not quite what we had in mind. As I see it, 3rd party signing
>> is only acceptable when the domain owner wants to permit it --
> It would be possible to design a system in which domain A says that it
> endorses domain B's signature on mail with an author address at A, but
> if you dig through the list archives, you'll find that we rejected
> that expansion of SSP quite a while ago.
Indeed, it was issue tracked, consensus called and documented in
RFC5016. This is a very dead horse.
More information about the ietf-dkim