On Sat, 2006-07-29 at 23:26 -0400, Hector Santos wrote:

> - Definition should expose the following DKIM signer attributes:
>
>   - List of allowable 3PS signers

The term third-party signer should not be used to avoid confusion with designated signing domains and non-designated domains. The list should be a list of designated signing domains which includes the OA domain when that domain is used for signing, and non-designated domains are flagged as not being used.

> - Support OA Mail/DKIM Policy definitions
>   - No mail expected from OA (No designated domain & only designated domains used.)
>   - Never Signed expected from OA (OA not designated & only designated domains used.)
>   - Always signed expected from OA (Only OA designated & only designated domains used.)
>   - Sometime signed expected from OA (OA not designated & non-designated domains used.)

By utilizing a list of designated signers, all of these policy definitions reduce to a single flag that indicates whether non-designated domains are used.

> - Support 3PS Mail/DKIM Policy definitions
>   - Not expected by OA (Only OA designated & only designated domains used.)
>   - Always expected by OA (OA not designated & only designated domains used.)
>   - Sometimes expected by OA (OA and designated & only designated domains used or non-designated domains used?)

It makes little sense to indicate "sometimes expected." How would that be useful?

A list of designated signing domains eliminates the need to separately specify use of the OA domain or designated signing domains. The OA domain is self-apparent when contained within the list. Only flagging the use of non-designated domains is required.

When annotating the message, the signing domain must be:

- a non-designated originator domain (for bogus invalids when only designated domains are used)
- a designated originator domain
- a designated non-originator domain
- a non-designated non-originator domain

The originator domain is self-apparent. A list indicates which domains have been designated. A flag indicates whether non-designated domains are used. When non-designated domains are used, there should be no expectation that DKIM is always employed by these domains. The default for policy should be an empty designated signing list and a flag indicating use of non-designated domains.

> - Highest Signature Hashing method Possible

For less overhead, this information should be included within the key when an alternative algorithm is required to accompany that signature. This information should also include the algorithm, service method, and signature version.

-Doug

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
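The policy shape argued for in the message above (a list of designated signing domains plus one flag for whether non-designated domains are also used) and the four annotation categories it derives from that shape can be exercised in code. The following is an added example written for this page; it is not code from the original message, from Hector's proposal, or from the DKIM working group. The class and function names, the category strings, the mapping back to the quoted OA policy wording, and the sample domains are all assumptions made for illustration; nothing here implements signature verification, it only classifies the d= domain of a signature that is assumed to have already verified.

```python
"""Classify a DKIM signing domain against a "designated signers" policy.

Added example; not code from the original message or from the DKIM
working group.  It models the policy shape Doug proposes: a list of
designated signing domains plus one flag saying whether the originator
also uses non-designated domains.  The field names, category strings
and sample domains below are assumptions made for illustration.
"""
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Optional, Tuple


@dataclass(frozen=True)
class SignerPolicy:
    """Policy published by the originating-address (OA) domain (assumed shape)."""
    # Designated signing domains; may include the OA domain itself.
    designated: FrozenSet[str]
    # True when mail may also arrive signed by other domains, or unsigned.
    uses_non_designated: bool


def make_policy(designated: Iterable[str], uses_non_designated: bool) -> SignerPolicy:
    """Build a policy with domain names normalised to lower case."""
    return SignerPolicy(frozenset(d.lower() for d in designated), uses_non_designated)


# Doug's proposed default: nothing designated, non-designated domains used.
DEFAULT_POLICY = make_policy((), True)


def signer_flags(originator: str, signing_domain: str, policy: SignerPolicy) -> Tuple[bool, bool]:
    """Return (is_designated, is_originator) for one signing domain."""
    signing_domain = signing_domain.lower()
    return signing_domain in policy.designated, signing_domain == originator.lower()


def classify_signer(originator: str, signing_domain: str, policy: SignerPolicy) -> str:
    """Return one of the four annotation categories named in the message."""
    is_designated, is_originator = signer_flags(originator, signing_domain, policy)
    return "%s %s" % (
        "designated" if is_designated else "non-designated",
        "originator" if is_originator else "non-originator",
    )


def evaluate(originator: str, signing_domain: Optional[str], policy: SignerPolicy) -> Tuple[str, bool]:
    """Judge one message.  signing_domain is the d= of a signature that has
    already verified, or None when no signature verified.

    Returns (category, expected); expected is False when the policy gives
    no basis for this message to arrive in this form.  An empty list with
    the flag off therefore rejects everything ("no mail expected").
    """
    if signing_domain is None:
        # Unsigned mail is only in scope when non-designated domains are used.
        return "unsigned", policy.uses_non_designated
    is_designated, _ = signer_flags(originator, signing_domain, policy)
    category = classify_signer(originator, signing_domain, policy)
    # A designated signer is always expected; any other signer only when the
    # flag says non-designated domains are used.
    return category, is_designated or policy.uses_non_designated


def describe_oa_policy(originator: str, policy: SignerPolicy) -> str:
    """Express the (list, flag) pair in the wording of the quoted OA policy
    definitions.  The final branch names a combination the quoted list
    does not cover (assumption)."""
    oa_designated = originator.lower() in policy.designated
    if not policy.uses_non_designated:
        if not policy.designated:
            return "no mail expected from OA"
        if policy.designated == frozenset({originator.lower()}):
            return "always signed expected from OA"
        if not oa_designated:
            return "never signed expected from OA"
    elif not oa_designated:
        return "sometimes signed expected from OA"
    return "OA and other designated signers%s" % (
        ", non-designated domains also used" if policy.uses_non_designated else ""
    )


if __name__ == "__main__":
    # Constructed sample data, not taken from any real DNS record.
    strict = make_policy(["example.com", "lists.example.org"], False)
    for signer in ["EXAMPLE.COM", "lists.example.org", "mailer.example.net", None]:
        print(signer, evaluate("example.com", signer, strict))
    print(describe_oa_policy("example.com", strict))
    print(describe_oa_policy("example.com", DEFAULT_POLICY))
```

Two points the code makes concrete: with the proposed default (empty list, flag set) every message is "expected", so a receiver learns nothing until an originator publishes a list; and the "non-designated originator" case only becomes a negative verdict when the flag is off, which is the bogus-signature situation the message singles out.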