On Thursday 27 July 2006 15:13, Dave Crocker wrote:
> Scott Kitterman wrote:
> > As we think through the definition of minimum, I think it important that
> > we consider the class of domains that are not supported by one or more
> > dedicated mail servers.
...
> > Is the concept of operations that these servers should sign using the
> > provider's key (so all signatures for the domain are 3rd party) or that
> > the provider should manage multiple keys to support per domain keys and
> > sign the messages first party for the domain?
>
> Why should it matter whether the host is shared, or not? The question of
> whether to have the provider do the signer or whether to have a content
> agent (rfc2822.From or rfc2822.Sender) strikes me as important generally,
> not just when the provider has more than one user domain sending from the
> provider's platform.
>

If I send mail through the mail server of isp.example.com and they sign with my key, it matters a GREAT deal to me if they also sign other people using my name with my key. This may be largely an operational question, but the protocols have to support getting a reliable answer to it.
You are correct that there are some broader questions buried in here, but the shared server scenario is probably the most complex common use case and I think it important that we support it.

> The essential question is whose reputation (accreditation, certification,
> etc.) is to be used. It might well be that there should be a signature by
> EACH of the relevant domains, in order to call on reputation information
> both for the author as well as for the originating provider.

No. The question for this policy discussion is whose policy gets used, how is it interpreted and finally ... let's make sure that messages don't get attributed to the wrong domain for reputation, etc. purposes.

Scott K

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
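The distinction the two posts above turn on (a provider signing with its own key, so the signature is third party to the author domain, versus per-domain keys that make it first party, and Dave's suggestion of one signature from each relevant domain) can be made concrete by looking at which domain a DKIM-Signature actually attributes a message to. The following is an added example, not code from the list, the thread participants, or any DKIM implementation. It reads the d= and i= tags of each DKIM-Signature header and compares d= with the rfc2822.From domain; it does no cryptographic verification, since the question here is attribution, not validity. The messages, domains (scott.example, isp.example.com), selectors and the bh=/b= values are all constructed placeholders. The one rule it checks beyond the From/d= comparison is from the DKIM base spec (RFC 4871): the domain in i= must be d= or a subdomain of it.

```python
"""Classify DKIM signatures as first-party or third-party relative to
the rfc2822.From domain. Added example with constructed messages only;
signatures are NOT verified, only attributed."""
import email
from email.utils import parseaddr


def parse_dkim_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs.
    Folding whitespace inside values (e.g. across the b= tag) is removed."""
    tags = {}
    for part in value.split(";"):
        if "=" not in part:
            continue
        key, val = part.split("=", 1)
        tags[key.strip()] = "".join(val.split())
    return tags


def header_domain(header_value):
    """Domain part of the first address in a From:/Sender: header, lowercased."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[-1].lower()


def classify(raw_message):
    """Return one record per DKIM-Signature header on the message.

    kind is one of:
      first-party  d= equals the From domain (the author domain signed)
      third-party  d= is some other domain (e.g. the provider's own key)
      invalid      d= missing, or i= names a domain outside d= (RFC 4871
                   requires i= to be d= or a subdomain of it)
    """
    msg = email.message_from_string(raw_message)
    from_domain = header_domain(msg["From"])
    results = []
    for sig in msg.get_all("DKIM-Signature", []):
        tags = parse_dkim_tags(sig)
        d = tags.get("d", "").lower()
        i = tags.get("i", "@" + d).lower()
        i_domain = i.rsplit("@", 1)[-1]
        if not d or (i_domain != d and not i_domain.endswith("." + d)):
            kind = "invalid"
        elif from_domain == d:
            kind = "first-party"
        else:
            kind = "third-party"
        results.append({"d": d, "i": i, "from_domain": from_domain, "kind": kind})
    return results


# Constructed sample messages (hypothetical domains, dummy bh=/b= values).
# Per-domain key at the provider: the author domain scott.example signs.
MSG_FIRST_PARTY = """\
From: Scott <scott@scott.example>
To: dave@example.org
Subject: per-domain key
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=scott.example;
 s=mail; i=@scott.example; h=from:to:subject; bh=ZmFrZQ==; b=ZmFrZQ==

body
"""

# Provider signs everything with its own key: reputation goes to isp.example.com.
MSG_THIRD_PARTY = """\
From: Scott <scott@scott.example>
To: dave@example.org
Subject: provider key
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isp.example.com;
 s=outbound; h=from:to:subject; bh=ZmFrZQ==; b=ZmFrZQ==

body
"""

# One signature from EACH relevant domain, as Dave suggests.
MSG_DUAL = """\
From: Scott <scott@scott.example>
To: dave@example.org
Subject: both sign
DKIM-Signature: v=1; a=rsa-sha256; d=scott.example; s=mail;
 h=from:to:subject; bh=ZmFrZQ==; b=ZmFrZQ==
DKIM-Signature: v=1; a=rsa-sha256; d=isp.example.com; s=outbound;
 h=from:to:subject; bh=ZmFrZQ==; b=ZmFrZQ==

body
"""

# Provider key (d=) but an i= claiming the author domain: not permitted.
MSG_INVALID_I = """\
From: Scott <scott@scott.example>
To: dave@example.org
Subject: mismatched i=
DKIM-Signature: v=1; a=rsa-sha256; d=isp.example.com; s=outbound;
 i=@scott.example; h=from:to:subject; bh=ZmFrZQ==; b=ZmFrZQ==

body
"""

if __name__ == "__main__":
    for name, raw in [("first-party", MSG_FIRST_PARTY), ("third-party", MSG_THIRD_PARTY),
                      ("dual", MSG_DUAL), ("invalid i=", MSG_INVALID_I)]:
        print(name, [(r["d"], r["kind"]) for r in classify(raw)])
```

Note what the classifier cannot see: in the first message it reports "first-party" because d= matches the From domain, and it would say exactly the same if the provider had used scott.example's key on mail from some other customer who wrote Scott's address into From:. That is the case Scott's reply is worried about, and it is why the policy question of who may sign under a given d= has to be settled outside the signature itself.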
