On Thu, 27 Jul 2006 16:33:42 -0700 Jim Fenton <[EMAIL PROTECTED]> wrote:
>Scott Kitterman wrote:
>> On Thursday 27 July 2006 14:00, [EMAIL PROTECTED] wrote:
>>
>>> My requirements
>>>
>>> I sign all
>>> I sign nothing
>>> I sign only 3rd party
>>> I sign all and 3rd party
>>> I sign some mail
>>>
>>>
>>> My Policy/Practice
>>>
>>> I sign all - every piece of mail purported to be from me must be signed
>>>
>>>
>> Must be signed by you or must be signed by anybody. If the latter, it's
>> trivially spoofable unless you have a list of others that are authorized to
>> sign.
>>
>Sure; third-party signatures will have a bigger dependence on
>reputation/accreditation/whitelists/etc. than originator signatures.
>
Or a bigger dependence on policy. Leaving third party signatures to some non-standardized reputation service would effectively make domains that couldn't sign their own mail into second class internet citizens.

I think it much better to allow the policy protocol to enumerate which third parties are acceptable so small domain holders can be on the same footing as large.

Scott K
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
