On Tuesday 01 August 2006 02:10, Douglas Otis wrote: > On Mon, 2006-07-31 at 23:25 -0400, Scott Kitterman wrote: > > On Monday 31 July 2006 21:22, John Levine wrote: > > >> I think this is the key issue then and we ought to focus on it. In > > >> my view almost the entire point of a signing policy is constraining > > >> whose signatures are considered authorized by the domain owner. > > > > > > I'm assuming that when you say authorized, you mean authoritative. > > > (English definitely has its shortcomings.) > > > > I meant authorized, as I think the SSP concept is about authorization. > > I can see where authoritative fits better as I wrote it. I'm not sure > > there is a distinction between the two worth arguing about. > > The last time policy was reviewed before starting to the base draft, the > conclusion was that policy is not an authorization function, rather > policy indicates what the identity uses or does. With that in mind, > John's terminology of "authoritative" better reflects that view. > > Assume that the 2822.From domain indicates both the use of designated > domains and non-designated domains. Assume also that by definition > designated domains MUST employ DKIM, but that non-designated domains MAY > employ DKIM. A designated domain might also be defined as being > "authoritative" when it comes to concerns related whether the message is > being replayed or whether the identity header is valid. The same policy > may also indicate use of non-designated domains that are defined as "not > authoritative." > > Your Authorization terminology is easily confused with what might be > implied by "authoritative." For either the designated or non-designated > domains, their indicated use might imply an "authorization of use" when > viewing policy as an authorization function. It seems better to avoid > referring to policy as "authorization" to keep the terminology > consistent and what is being indicated clear. >
I don't recall that conclusion, but I'll stick with what I said the first time: > > I meant authorized, as I think the SSP concept is about authorization. > > I can see where authoritative fits better as I wrote it. I'm not sure > > there is a distinction between the two worth arguing about. I'm leaving on vacationthis afternoon, so I'll leave you and the rest of the WG to figure it out while I'm gone. Scott K _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
