-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Jun 7, 2007, at 6:06 AM, Hector Santos wrote:

> Jim Fenton wrote:
>
>> Jon Callas wrote:
>>
>>> In short -- saying "I sign everything" with a non-existent or
>>> bogus key is the same thing as saying, "You'll never see a valid
>>> one of these."
>> But I agree with this statement, which I think is your main point.
>
> Sure, but unless I am missing a changing of philosophy, this goes
> against DKIM-BASE "ignore failures" design.
>
> I was under the impression, the whole point of the SSP layer is to
> give DKIM domains and verifiers some authority to handle the DKIM
> signature expectation violations.
>
> Is that what we want? Change the semantics of DKIM-BASE?

It doesn't change any semantics at all. DKIM-BASE does recommend
ignoring failures. But the whole point of SSP is to consider the case
where we don't want to ignore failures. We want a missing/broken/etc.
signature to have meaning.

The receiver doesn't have to do anything. It can ignore all of DKIM.
But if it doesn't want to, that's where SSP comes in.

The hack I describe is merely setting up your DKIM parameters so that
any signature on a message must be erroneous; the receiver then does
whatever they want, including using SSP.

Jon

-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.6.1
Charset: US-ASCII
wj8DBQFGaRrosTedWZOD3gYRAp5oAKDWQHU/vC8MBjQJDOrV8oxjpj+7fgCcDMgz
UvCfaRQjnFTE/8+qAgmR+wA=
=Dswf
-----END PGP SIGNATURE-----
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html