Finally getting a little caught up...
Michael Thomas wrote:
> Charles Lindsey wrote:
>> Now the ultimate recipients see A's signature (no longer good), plus
>> A's policy. So the message is on the face of it "suspicious". So what
>> is the recipient supposed to do? He is a member of the list, and is
>> happy to trust the list maintainer, and can check the 2nd signature.
>> But he is still receiving conflicting advice.
A message where A's (the author's) signature is broken isn't
automatically Suspicious if A's SSP record says "all". It is only
Suspicious if there is no other signature there that the verifier is
willing to accept. One might expect that the verifier is willing to
accept signatures from mailing lists it knows about.
>
> This is something that I also took away from the draft. "strict" +
> broken/missing
> signature is much more suspicious than "all" + broken/missing
> signature. My
> suggestion would be to tie the "suspicion" to the expectation: eg
> suspicious/strict
> and suspicious/all.
The SSP draft does not attempt to set levels of suspicion. Either a
message is Suspicious or it is not, for the purposes of the draft.
You're right, though, that the difference between "all" and "strict" is
an expectation, as defined in section 5.3 of SSP Requirements. There
was a design choice between having independent practice and expectation
flags in SSP and having a single flag. We opted to combine practice and
expectation into a single flag with the three values {unknown, all,
strict} since the fourth value, "I don't sign everything but you should
expect a valid signature anyway", doesn't make any sense and it seemed
like it removed a potential source of misconfiguration if it is not
possible to express that combination.
-Jim
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
