> From: Stephen Farrell [mailto:[EMAIL PROTECTED]
> Hi Phill, > > Is that "exceptions" stuff a requirement that's been > discussed before? I don't recall it anyway. > > It sounds a bit of an edge case, though, so I wonder if > there's broad support for that feature? Its not so much a requirement as an attempt to demonstrate that the only thing that the SSP policy need actually include is the statement 'A message always contains at least n signatures'. I have already demonstrated that this works fine for values of n from 1 to 5+. What the exceptions stuff is intended to demonstrate is that we can catch the edge cases as well, IF WE DECIDE WE NEED TO and address the case where n is usually 1 or more but in certain exceptions n is zero. My personal view is that this is not necessary and violates the 95/5% rule. However I note that there are people who appear to be arguing that use cases of this type are important. What I want to show is that we can have an exceptionally simple policy record AND strong policy and that this model may be extended IF NECESSARY to meet a very large number of edge cases. Furthermore the 'simple but strong' approach makes a good case for the DKIM record to be regarded as the master policy record for email since the policy statement is vastly simpler and cleaner than SPF. All the policy record states here is the set of security policies that are implemented for outbound mail. We have no esoteric syntax, no bangs, apostrophes, percent signs or stuff. This is a policy record that is simple and clean enough that it is easy to see how it can be extended to serve other protocols. Given the metasyntax for the inbound policy I can pretty much guess what the outbound policy statement would be for typical configurations (e.g. SSL) _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
