----- Original Message -----
From: "Michael Thomas" <[EMAIL PROTECTED]>
To: "John R Levine" <[EMAIL PROTECTED]>


> John R Levine wrote:
>  > Well, OK.  If a message has both a signature from the From: domain and
>  > one from someone else, does that pass?  Why or why not?
>
> I've always interpreted this as it should pass. What would be
> the reason that it shouldn't? That the other signature gave it
> cooties?

Which one of the following processes is more optimal from a SMTP/DNS,
CPU processing perspective:

ProcessA() - SSP Lookup only for unsigned mail.

    - Message Arrives
    - Verification
        - Perform DNS lookup to get Public Key
        - Perform Hashing
        - Signature is Valid
    - OA SSP checking - NONE because it is a valid signature
    - Message Accepted

ProcessB() - SSP lookup

    - Message Arrives
    - OA SSP Policy lookup
       - EXCLUSIVE
           - Two Signers found --> REJECT

I would think ProcessB() is more ideal, more efficient and 100% DKIM/SSP
compatible, and more importantly with a rejection result that is most
likely to be more correct than ProcessA() acceptance of an OA domain
policy violation.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com



_______________________________________________
ietf-dkim mailing list
http://dkim.org
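
The two orderings compared in the message above, modelled as an added example that is not part of the original post or of any DKIM/SSP implementation. DNS and signature verification are simulated; the assumptions are that EXCLUSIVE means only the From: (OA) domain may sign, that any published policy rejects mail with no valid signature, and that one key lookup plus one hash pass is spent per signature tried.

```python
import re
from dataclasses import dataclass

# Constructed sample: one third-party signature and one from the From: domain.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=lists.example.net; s=m1; bh=x; b=y\r\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=k1; bh=x; b=y\r\n"
    "From: Alice <alice@example.com>\r\n"
    "Subject: test\r\n\r\nbody\r\n"
)

@dataclass
class Result:
    verdict: str
    dns_queries: int = 0
    hashes: int = 0

def signer_domains(raw):
    # d= tag of every DKIM-Signature header (unfolded headers only).
    head = raw.split("\r\n\r\n", 1)[0]
    return [d.lower() for d in
            re.findall(r"(?im)^DKIM-Signature:.*?\bd=([^;\s]+)", head)]

def from_domain(raw):
    head = raw.split("\r\n\r\n", 1)[0]
    return re.search(r"(?im)^From:.*@([A-Za-z0-9.-]+)", head).group(1).lower()

def verify(signers, valid, r):
    # Simulated verification: stop at the first signature that checks out.
    for d in signers:
        r.dns_queries += 1   # public key lookup
        r.hashes += 1        # hashing pass
        if d in valid:
            return True
    return False

def process_a(raw, ssp, valid):
    r = Result("")
    if verify(signer_domains(raw), valid, r):
        r.verdict = "accept"             # valid signature: SSP never consulted
        return r
    r.dns_queries += 1                   # SSP lookup only when nothing verified
    r.verdict = "reject" if ssp.get(from_domain(raw)) else "accept"
    return r

def process_b(raw, ssp, valid):
    r = Result("", dns_queries=1)        # OA SSP policy lookup comes first
    oa, signers = from_domain(raw), signer_domains(raw)
    policy = ssp.get(oa)
    if policy == "EXCLUSIVE" and any(d != oa for d in signers):
        r.verdict = "reject"             # second signer found: no hashing done
        return r
    ok = verify(signers, valid, r)
    r.verdict = "accept" if ok or policy is None else "reject"
    return r
```

When the From: domain publishes no policy, ProcessB pays the extra SSP lookup on top of verification, so the cost comparison depends on how often a restrictive policy is actually published.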
