On 4/22/2014 3:20 AM, Vlatko Salaj wrote:
> On Tuesday, April 22, 2014 1:18 AM, Hector Santos <[email protected]> wrote:
>
>> I think the DKIM 3rd party resigner issue is the more important issue
>> at this point.
>
> i hold both are important.
> ...
> i really see no reason why DMARC can't be flexible enough to include it.

Hi Vlatko,

Take a look at the 2006 DSAP I-D proposed author domain policy
protocol which provided tags to cover the complete 1st vs 3rd party
boundary conditions for DKIM signing practices:

   Original Party Signature (OP tag):
      Not Expected (op-)
      Expected (op+)
      Optional (op~)

   3rd Party Signature (3P tag):
      Not Expected (3p-)
      Expected (3p+)
      Optional (3p~)

See page 15/16 in http://www.winserver.com/public/ssp/DSAP-00.pdf

So the strongest would be the signing policy (sp=):

   sp=op+,3p-

You can also make it so that a domain only signs with a 3rd party
trust vendor, with

   sp=op-,3p+

DMARC needs to offer similar semantical and tag flexibility to cover
all possible 1st and 3rd signature conditions.
--
HLS
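
The tag combinations described in the message above, worked through as an added example that is not part of the original message or of the DSAP draft. It uses only the `sp=op+,3p-` shorthand shown in the message; the function names, the treatment of an absent tag as optional, and the exact-match test for "original party" are assumptions made for illustration.

```python
import re

# Notation as written in the message: sp=op+,3p-
# '+' expected, '-' not expected, '~' optional.
_ITEM = re.compile(r"^(op|3p)([+~-])$")
_MISSING = "expected signature missing"
_UNEXPECTED = "unexpected signature present"


def parse_sp(record):
    """Parse 'sp=op+,3p-' into {'op': '+', '3p': '-'}.

    Assumption: a tag that is absent is treated as optional ('~').
    """
    name, sep, value = record.strip().partition("=")
    if not sep or name.strip().lower() != "sp":
        raise ValueError("not an sp= policy: %r" % record)
    policy = {"op": "~", "3p": "~"}
    seen = set()
    for item in value.split(","):
        m = _ITEM.match(item.strip().lower())
        if m is None or m.group(1) in seen:
            raise ValueError("bad or repeated item: %r" % item)
        seen.add(m.group(1))
        policy[m.group(1)] = m.group(2)
    return policy


def evaluate(record, author_domain, signer_domains):
    """Return a list of policy violations (empty list means consistent).

    signer_domains: d= values of DKIM signatures that already verified.
    Assumption: 'original party' means d= equals the author domain exactly.
    """
    policy = parse_sp(record)
    author = author_domain.lower().rstrip(".")
    signers = {d.lower().rstrip(".") for d in signer_domains}
    present = {"op": author in signers, "3p": bool(signers - {author})}
    violations = []
    for tag in ("op", "3p"):
        if policy[tag] == "+" and not present[tag]:
            violations.append("%s: %s" % (tag, _MISSING))
        elif policy[tag] == "-" and present[tag]:
            violations.append("%s: %s" % (tag, _UNEXPECTED))
    return violations
```

With `sp=op+,3p-`, a message that also carries a verified signature from a mailing list's domain is reported as a 3rd party violation, which is the resigner boundary case the thread is about.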