On Aug 10, 2006, at 10:33 AM, Stephen Farrell wrote:
Douglas Otis wrote:
Actually "Signing Complete" should be as explicit assertion,
whereas "Not Signing Complete" should be a default ...
That's a nice example of a design discussion. We're on requirements
now.
Rephrased:
The policy should be able to indicate:
- What signing domains are authoritative for the First Party Address.
(The policy specifies which signing domain qualify the First
Party Address as being valid.)
AND
- What signing domains are exclusively used by the First Party
Address.
(DKIM Signer Complete)
To permit the first requirement without encumbrances, the DKIM Signer
Complete assertion MUST BE optional.
A less stringent assertion than "DKIM Signer Complete" should also be
possible. This option might be called "DKIM Signer Extended".
"DKIM Signer Extended" could indicate that the "DKIM Signer Complete"
assertion applies, and that common services are also used.
"DKIM Signer Complete" or "DKIM Signer Extended" assertions would
apply to all listed domains.
To clarify:
A DKIM Signer Complete assertion specifies the domains listed in the
policy represent all the signing domains used by the First Party
Address and that only signing sources are used.
Without either "DKIM Signer Complete" or "DKIM Signer Extended" *no*
assurance of exclusivity or restriction of sources carrying the First
Party Address have been asserted.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
