----- Original Message -----
From: "Paul Hoffman" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Thursday, July 27, 2006 2:26 PM
Subject: [ietf-dkim] I sign nothing / only only 3rd party / some mail

> I am completely confused by "I sign nothing" and "I sign only 3rd
> party" and "I sign some mail". I don't see the value of those to the
> recipient.
>
> "I sign nothing" seems weird. If I have something signed by your
> domain, and I cannot get the signing key from your domain, "I sign
> nothing" adds no value. The signature is invalid.

When you have an "Ignore if invalid/error" BASE methodology, the SSP and DSAP declarations are explicit in telling you what to expect.

> "I sign only 3rd party" has the same attack problem as "I sign nothing".

I don't see the attack problem in "I sign nothing" so...

> "I sign some mail" doesn't tell the recipient anything useful.

Agree. Relaxed policies will be more abused, as with anything relaxed. But let's not confuse it with multiple domains where each has a different policy.

The problem with relaxed policies is when the ratio of abused vs success gets higher. So it's fine until it starts getting abused and it might begin to affect all transactions from the domain. That might be good or bad.

> What am I missing?

You are telling the world about what you expect with any purported domain junk coming their way. The BASE doesn't help them. SSP does.

---
HLS

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
