Ian Eiloart wrote:
>
>
>> 2) We should consider a 5617bis (ADSPbis) to codify its semantics
>> regarding Author Domain only signature policies to include a:
>>
>> Always sign by *anyone* Policy.
>>
>> Currently 5617 (ADSP) defines the two policies:
>>
>>
>>    all           All mail from the domain is signed with an Author
>>                  Domain Signature.
>>
>>    discardable   All mail from the domain is signed with an Author
>>                  Domain Signature........
>>
>> Many people felt we were missing the "Signed by Anyone" concept which
>> did not help "authorized" 3rd party signers or the list servers who
>> are going to be resigning. To compensate, many viewed ADSP=ALL to
>> mean it allowed any signer, not just the Author Domain as defined by
>> the spec.
>
> So, that would mean that anyone is allowed to spoof my 5322.From
> address, provided that they sign the message, would it? I'm not sure I
> could think of a useful application for that feature.
>
> Perhaps "ADSP=anyof:example.com, example.org..." would make the system
> more useful. Heck, one might even say "anyof:*", if one really wanted.

Perhaps, and this has been proposed in the 2006 DSAP I-D, Doug's has
a similar TPA (Third Party Authorization) and I recently tried to rewake
the DSAP idea for ADSP as an extension called ASL (Allowable Signer List).

ADSP allows extension, so a DNS record like

    DKIM=all; x-asl=mipassoc.org, gmail.com

would say that I sign all my mail, and allow those other domains to
also sign.

However, this can potentially be a high overhead/management for
large companies with many employees using different list servers. I
think it fits the millions more market place of small to mid size
domains or private domains that may outsource one or more third
party signers or use a few professional or trade support list forums.

If you think this is something to pursue, +1 it because I am trying to
see if it's worth the effort to reintroduce it.

--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
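
Added example, not part of the original message or of any ADSP implementation: a sketch of how a verifier could evaluate the proposed `x-asl` tag, showing that a valid signature from a domain outside the list still does not satisfy the policy. Assumptions: the function names, the result labels (`pass`, `fail`, `discard`, `unknown`), case-insensitive tag names, exact-match comparison of signer domains, and the author domain `example.com` are all illustrative.

```python
# Illustration only: "x-asl" is the extension proposed in this thread,
# not a tag defined by RFC 5617. Result labels are this example's own.

def parse_adsp(record):
    """Split a 'tag=value; tag=value' record into a dict (tag names lowercased)."""
    tags = {}
    for part in record.split(";"):
        if "=" not in part:
            continue  # ignore empty or malformed segments
        name, value = part.split("=", 1)
        tags[name.strip().lower()] = value.strip()
    return tags

def _norm(domain):
    """Lowercase and drop a trailing root dot so comparisons are stable."""
    return domain.strip().lower().rstrip(".")

def allowed_signers(author_domain, record):
    """The author domain plus every domain listed in x-asl."""
    asl = parse_adsp(record).get("x-asl", "")
    extra = {_norm(d) for d in asl.split(",") if d.strip()}
    return {_norm(author_domain)} | extra

def evaluate(author_domain, record, verified_signers):
    """verified_signers: d= domains of DKIM signatures that already verified.
    Exact domain match is assumed; subdomains of a listed signer do not count."""
    policy = parse_adsp(record).get("dkim", "unknown").lower()
    if policy not in ("all", "discardable"):
        return "unknown"  # no assertion made about signing
    signers = {_norm(d) for d in verified_signers}
    if signers & allowed_signers(author_domain, record):
        return "pass"
    return "discard" if policy == "discardable" else "fail"

# Record text as written in the message; author domain is a constructed sample.
RECORD = "DKIM=all; x-asl=mipassoc.org, gmail.com"

if __name__ == "__main__":
    for signers in (["example.com"], ["mipassoc.org"], ["unlisted.example"], []):
        print(signers, "->", evaluate("example.com", RECORD, signers))
```
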