On 01/19/2006 15:50, Michael Thomas wrote:
> Earl Hood wrote:
> > On January 19, 2006 at 03:10, "Hector Santos" wrote:
> >>Sender-Signing Policy (SSP):
> >>
> >>         NONE (no policy)
> >>    o=?  WEAK (signature optional, no third party)
> >>    o=~  NEUTRAL (signature optional, 3rd party allowed)
> >>    o=-  STRONG  (signature required, 3rd party allowed)
> >>    o=!  EXCLUSIVE (signature required, no 3rd party)
> >>    o=.  NEVER  (no mail expected)
> >>    o=^  USER
> >
> >  ...
> >
> > Wouldn't be easier of the signer can assert a role so such checks
> > are not necessary by a list server?
>
> No. SSP is not for signed mail, it's for unsigned mail.
>
If it's a third party signature you still need to check SSP for EXCLUSIVE 
policy.

> > If the list server makes no
> > assertion against an (RFC-2822) originating address, it should be
> > able to sign all messages it distributes.
>
> Correct. Nothing needed to provide this, though the i= isn't explictly
> saying what "role" (binding) it's providing (if any).
>
> > This would avoid list servers having to do SSP checks on each message
> > and avoid the problems of bad implementations getting the logic wrong
> > on when to sign and not to sign.
>
> Receivers in general only need to do SSP if the message is unsigned.
> List servers are no different.

ditto.

Scott K
_______________________________________________
ietf-dkim mailing list
http://dkim.org

Reply via email to