----- Original Message -----
From: "Arvel Hathcock" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Monday, July 31, 2006 12:28 PM
Subject: Re: [ietf-dkim] Re: 3rd party signing

> > If a message has a valid signature from the same domain as the From:
> > domain, can SSP tell you anything useful? If you looked up the SSP on
> > such a message and it said "we send no mail", who do you believe?
> > (Keep in mind that if the signature is valid, the same DNS that had
> > the SSP also had the DKIM key.)
>
> Yes, yes. John is right. "We send no mail" does have an inherent
> contradiction problem. Dumping it would rid us of that problem and
> allow an optimization because we wouldn't have to do SSP queries in
> cases where there's a valid signature on behalf of the From: domain.

-1.

John is not right. He says he is an SSP fog and indicates he doesn't understand, so how could he be right?

Anyway, a NO MAIL policy is clearly that. We send no mail. There is nothing to believe but what's exposed in the domain's DNS storage. The only harm is to the domain, and if we can't trust the DNS storage, then we got more inherent problems with DKIM.

Think about it, if we can't trust SSP then why should we trust the DKIM signature?

The optimization comes by lowering your DKIM processing overhead by avoiding such irregularities that CLEARLY are very strong domain protection policies.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
