> 2) We should consider a 5617bis (ADSPbis) to codify its semantics
> regarding Author Domain only signature policies to include a:
>
> Always sign by *anyone* Policy.
>
> Currently 5617 (ADSP) defines the two policies:
>
> > all          All mail from the domain is signed with an Author
> >              Domain Signature.
> >
> > discardable  All mail from the domain is signed with an Author
> >              Domain Signature........
>
> Many people felt we were missing the "Signed by Anyone" concept which
> did not help "authorized" 3rd party signers or the list servers who
> are going to be resigning. To compensate, many viewed ADSP=ALL to
> mean it allowed any signer, not just the Author Domain as defined by
> the spec.

So, that would mean that anyone is allowed to spoof my 5322.From address, provided that they sign the message, would it? I'm not sure I could think of a useful application for that feature. Perhaps "ADSP=anyof:example.com, example.org..." would make the system more useful. Heck, one might even say "anyof:*", if one really wanted.

> In fact, this same DKIM API includes ADSP support and it also
> interprets ADSP=ALL as an anyone can sign concept as long as there is
> a valid signature. There is no option in the software to follow
> ADSP=ALL exactly how it is defined in 5871.
>
> Since this is an API from a large MTA vendor, I would not ignore this
> implementation "data point." If the suggestion is made the software is
> "buggy" then we are back to a status quo of non-resolution of
> conflicting issues regarding the author domain, 3rd party signers
> and/or list servers.
>
> --
> Hector Santos, CTO
> http://www.santronics.com
> http://santronics.blogspot.com

--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
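As an added illustration (not code from the thread or from either poster), the check below shows how the two readings discussed above diverge: the strict RFC 5617 reading, where dkim=all is satisfied only by a signature whose d= equals the 5322.From domain, and the vendor reading Hector describes, where any valid signature satisfies it. The ADSP records, addresses and signer domains are constructed, and the DNS TXT lookup is replaced by a dictionary.

```python
import re

# Constructed sample records, standing in for a DNS TXT lookup of
# _adsp._domainkey.<author-domain> (RFC 5617 section 4.1).
ADSP_RECORDS = {
    "example.com": "dkim=all",
    "bank.example": "dkim=discardable",
}


def parse_adsp(txt):
    """Parse the tag=value pairs of an ADSP record into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags


def author_domain(from_header):
    """Return the domain of the 5322.From address (the Author Domain)."""
    match = re.search(r"@([A-Za-z0-9.-]+)", from_header)
    return match.group(1).lower() if match else None


def evaluate_adsp(from_header, verified_d_domains, strict=True):
    """Combine the ADSP practice with the d= domains of valid DKIM signatures.

    strict=True  -> RFC 5617: only an Author Domain Signature (d= equal to
                    the 5322.From domain) satisfies dkim=all / dkim=discardable.
    strict=False -> the "signed by anyone" reading from the thread: any
                    valid signature satisfies dkim=all.
    Returns "pass", "fail", "discard" or "none" (no policy published).
    """
    domain = author_domain(from_header)
    record = ADSP_RECORDS.get(domain)
    if record is None:
        return "none"
    practice = parse_adsp(record).get("dkim", "unknown")
    verified = {d.lower() for d in verified_d_domains}
    if domain in verified:
        return "pass"  # Author Domain Signature present
    if not strict and practice == "all" and verified:
        return "pass"  # e.g. a list server's signature is accepted
    if practice == "all":
        return "fail"
    if practice == "discardable":
        return "discard"
    return "none"  # dkim=unknown: the domain asserts nothing
```

Under the strict reading, a message from example.com that only carries a mailing list's signature fails; under the lenient reading it passes, which is exactly the spoofing concern raised in the reply.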
