[ietf-dkim] Next steps for draft-ietf-dkim-ssp
MH Michael Hammer (5304)
MHammer at ag.com
Tue Dec 30 11:18:51 PST 2008
> -----Original Message-----
> From: John L [mailto:johnl at iecc.com]
> Sent: Tuesday, December 30, 2008 1:44 PM
> To: MH Michael Hammer (5304)
> Cc: ietf-dkim at mipassoc.org
> Subject: RE: [ietf-dkim] Next steps for draft-ietf-dkim-ssp
>
> >> It's when the signature matches the From: address. Shouldn't be too
> >> hard to say it again.
> >
> > Wouldn't the better (correct) way to state this be:
> >
> > It's when the signing domain (d=) and signature matches the From:
> > address domain.
>
> That's what I think, but the current draft has the i= override the d= so
> if the From: is a at b.com, the signature is d=b.com i=z at b.com, then as
> currently spec'ed, that doesn't match.
>
This goes back to all the long drawn out discussions when it was changed
from "Sender Signing Policy" to "Author Domain Signing Policy". If we
start talking about the Right hand side then we aren't talking domains
but addresses.

I was originally in favor of a broader scope for "SSP" that would have
gone beyond just the From: address domain to include other signers. The
narrower scope met what I perceive as the needs of heavily phished
brands so I was comfortable going with the narrower scope.

The i= override doesn't make sense to me if the intent of ADSP is
signing by author domains. I thought this was why we ended up going with
"all" and "discardable" conceptually.

Is there anyone on the list that would realistically plan on
implementing/publishing ADSP using an "i=" override? If so, could they
explain the logic and necessity of doing so? What is the anticipated
benefit?

Mike
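
The two matching rules discussed in this message, side by side, as an added example that is not part of the original post or of the draft. It assumes the signature has already verified cryptographically, models the i= rule only as the quoted reply describes it (a local part in i= must equal the From: local part), and uses constructed tag lists and hypothetical function names.

```python
import re

def parse_tags(sig_header):
    """Parse a DKIM-Signature tag list ("tag=value; ...") into a dict."""
    tags = {}
    for part in sig_header.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", value)
    return tags

def split_addr(addr):
    """Return (local_part, lowercased_domain); "@b.com" has an empty local part."""
    local, _, domain = addr.rpartition("@")
    return local, domain.lower()

def match_domain_only(from_addr, tags):
    """Rule proposed in the message: d= equals the From: address domain."""
    return tags["d"].lower() == split_addr(from_addr)[1]

def match_with_i_override(from_addr, tags):
    """Rule as the quoted reply describes the draft: i= (default "@" + d=)
    is compared with From:, and an i= local part must match too."""
    i_local, i_domain = split_addr(tags.get("i", "@" + tags["d"]))
    f_local, f_domain = split_addr(from_addr)
    if i_domain != f_domain:
        return False
    return i_local == "" or i_local == f_local

def compare(from_addr, sig_header):
    """Return (domain_only_result, i_override_result) for one signature."""
    tags = parse_tags(sig_header)
    return match_domain_only(from_addr, tags), match_with_i_override(from_addr, tags)

# Constructed sample inputs: (From: address, DKIM-Signature tag list)
SAMPLES = [
    ("a@b.com", "v=1; d=b.com; s=sel"),               # no i=, defaults to @b.com
    ("a@b.com", "v=1; d=b.com; i=z@b.com; s=sel"),    # the case from the thread
    ("a@b.com", "v=1; d=b.com; i=a@b.com; s=sel"),    # i= names the author
    ("a@b.com", "v=1; d=other.example; s=sel"),       # third-party signer
]

if __name__ == "__main__":
    for from_addr, sig in SAMPLES:
        print(from_addr, "|", sig, "->", compare(from_addr, sig))
```

Only the second sample separates the two rules: the signing domain is the author domain, yet the i= local part makes the signature fail to count as an author signature.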