On January 19, 2006 at 03:10, "Hector Santos" wrote: > Sender-Signing Policy (SSP): > > NONE (no policy) > o=? WEAK (signature optional, no third party) > o=~ NEUTRAL (signature optional, 3rd party allowed) > o=- STRONG (signature required, 3rd party allowed) > o=! EXCLUSIVE (signature required, no 3rd party) > o=. NEVER (no mail expected) > o=^ USER ...
Wouldn't be easier of the signer can assert a role so such checks are not necessary by a list server? If the list server makes no assertion against an (RFC-2822) originating address, it should be able to sign all messages it distributes. This would avoid list servers having to do SSP checks on each message and avoid the problems of bad implementations getting the logic wrong on when to sign and not to sign. From an audit, and accountability, perspective it would be useful that all list server software DKIM sign messages regardless of any originating-address-based SSP. This way, list server software can always assert what messages it distributes out regardless of the originating author/sender. --ewh _______________________________________________ ietf-dkim mailing list http://dkim.org
