On Sep 8, 2006, at 1:09 PM, John L wrote:
> A statement "All messages containing this email-address domain
> are initially signed" would be correct for the dimwit that uses
> Yahoogroups, provided there is also an assertion "Only compliant
> services are used that retain initial signatures" can be added to
> this assertion. ...
> You may rest assured that the dimwit will beat his tiny gorilla
> chest, make all of the most aggressive assertions, and then blame
> everyone but himself when nobody gets his Yahoogroups mail.
I tend to agree with you about this concern. Two different
assertions cannot be understood or used correctly.
The one assertion: (weak)
"All messages containing this email-address domain are initially
signed"
This provides useful information, although not enough to block all
unsigned messages.
The two assertions: (stronger)
"All messages containing this email-address domain are initially
signed" +
"Only compliant services are used that retain initial signatures"
This provides enough information to block all spoofed messages. It
is also likely this assertion should only be applied in exceptional
cases related to transactional messages. Otherwise there will be any
number of upset administrators complaining about delivery problems.
Here I agree with your concern, which also relates to the use of a
trusted-domain list.
Assume that a trusted-domain list is communicated to the recipient
via some form of annotation.
Why should anyone trust all messages signed by a trusted domain?
It seems there is a solution that handles both concerns, about dimwit
administrators and about too broadly trusting all messages signed by a domain.
Provide some mechanism that allows specific messages to have the
stronger assertion applied.
There have been several suggestions related to this topic:
- Mark the key/signature to indicate a stronger assertion applies.
- Allow email-address-specific policy to be applied.
- The DAC suggests additional headers (such headers might not be
controlled by the administrator).
-Doug
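Added example, not part of the message above or of any DKIM working group text: a small verifier-side evaluator showing how the weak assertion ("all messages are initially signed") and the stronger one ("... and only signature-retaining services are used") lead to different dispositions for the same unsigned or broken message. The record syntax follows what ADSP (RFC 5617) later codified as dkim=all and dkim=discardable; the domain names, the in-memory table standing in for DNS, and the per-address policy entry are all constructed assumptions (per-address policy is one of the suggestions listed above, not part of ADSP).

```python
from email.utils import parseaddr

# Constructed table standing in for DNS TXT lookups (hypothetical domains).
# ADSP (RFC 5617) record syntax is used for the two assertions in the thread:
#   dkim=all          "all messages from this domain are initially signed"
#                     (the weak assertion: informative, not enough to block)
#   dkim=discardable  the above plus "only compliant services that retain the
#                     signature are used", so unsigned/broken mail may be dropped
# The bare-address key is a hypothetical per-address policy (a suggestion from
# the thread, not an ADSP feature) so only a transactional sender is "strong".
POLICY_RECORDS = {
    "_adsp._domainkey.bank.example": "dkim=discardable",
    "_adsp._domainkey.corp.example": "dkim=all",
    "notices@corp.example": "dkim=discardable",   # hypothetical per-address entry
    # list.example publishes no policy at all
}


def parse_policy(record):
    """Return the dkim= value of an ADSP-style tag list, or None if absent."""
    for tag in record.split(";"):
        key, _, value = tag.strip().partition("=")
        if key.strip().lower() == "dkim":
            return value.strip().lower()
    return None


def lookup_policy(author_addr):
    """Per-address policy first (hypothetical), then the domain's ADSP record."""
    domain = author_addr.rpartition("@")[2]
    record = POLICY_RECORDS.get(author_addr)
    if record is None:
        record = POLICY_RECORDS.get("_adsp._domainkey." + domain)
    return parse_policy(record) if record else None


def author_address(from_header):
    """Extract and normalise the addr-spec from a From: header value."""
    _, addr = parseaddr(from_header)
    return addr.lower()


def evaluate(from_header, signatures):
    """
    signatures: list of (signing_domain, verified_ok) pairs as a DKIM verifier
    would report them (a mailing list that rewrites the body yields verified_ok
    False; a list that adds its own signature yields a third-party domain).
    Returns 'accept', 'no-policy', 'unsigned-suspect' or 'discard'.
    """
    author = author_address(from_header)
    domain = author.rpartition("@")[2]
    # A valid signature from the author's own domain satisfies any assertion.
    if any(ok and d.lower() == domain for d, ok in signatures):
        return "accept"
    policy = lookup_policy(author)
    if policy == "all":
        # Weak assertion: worth flagging, but blocking would also drop the
        # legitimate mail that passed through signature-breaking services.
        return "unsigned-suspect"
    if policy == "discardable":
        # Strong assertion: the domain has promised this cannot be legitimate.
        return "discard"
    # No record, dkim=unknown, or an unrecognised value: no assertion to apply.
    return "no-policy"


if __name__ == "__main__":
    cases = [
        ("Bank <alerts@bank.example>", [("bank.example", True)]),
        ("Bank <alerts@bank.example>", [("bank.example", False)]),   # list broke it
        ("Bank <alerts@bank.example>", [("list.example", True)]),    # third-party sig
        ("alerts@corp.example", []),
        ("notices@corp.example", []),
        ("someone@list.example", []),
    ]
    for hdr, sigs in cases:
        print(f"{hdr:32} {sigs!s:30} -> {evaluate(hdr, sigs)}")
```

Note that the third-party case is decided by the author domain, not by who signed: a valid list signature does nothing for a bank.example From: address under the strong assertion, which is the "why should anyone trust all messages signed by a trusted domain" point above.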
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html