On Sat, 2006-07-29 at 23:26 -0400, Hector Santos wrote:
> - Definition should expose the following DKIM signer attributes:
>
> - List of allowable 3PS signers
The term third-party signer should not be used to avoid confusion with
designated signing domains and non-designated domains. The list should
be a list of designated signing domains which includes the OA domain
when that domain is used for signing and non-designated domains are
flagged as not being used.
> - Support OA Mail/DKIM Policy definitions
> - No mail expected from OA
(No designated domain & only designated domains used.)
> - Never Signed expected from OA
(OA not designated & only designated domains used.)
> - Always signed expected from OA
(Only OA designated & only designated domains used.)
> - Sometime signed expected from OA
(OA not designated & non-designated domains used.)
By utilizing a list of designated signers, all of these policy
definitions reduce to a single flag that indicates whether
non-designated domains are used.
> - Support 3PS Mail/DKIM Policy definitions
> - Not expected by OA
(Only OA designated & only designated domains used.)
> - Always expected by OA
(OA not designated & only designated domains used.)
> - Sometimes expected by OA
(OA and designated & only designated domains used or
non-designated domains used?)
It makes little sense to indicate "sometimes expected." How would that
be useful?
A list of designated signing domains eliminates the need to separately
specify use of OA domain or designated signing domains. The OA domain
is self apparent when contained within the list. Only flagging the use
of non-designated domains is required.
When annotating the message, the signing domain must be:
- a non-designated originator domain
(For bogus invalids when only designated domains used.)
- a designated originator domain
- a designated non-originator domain
- a non-designated non-originator domain
The originator domain is self apparent. A list indicates which domains
have been designated. A flag indicates whether non-designated domains
are used.
When non-designated domains are used, there should be no expectation
that DKIM is always employed by these domains. The default for policy
should be an empty designated signing list and a flag indicating use of
non-designated domains.
> - Highest Signature Hashing method Possible
For less overhead, this information should be included within the key
when an alternative algorithm is required to accompany that signature.
This information should also include the algorithm, service method, and
signature version.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
