Dave Crocker wrote:
>
>> 2. Unsigned vs. Mismatched Signature
>>
>> The original SSP specification applied only to unsigned messages. The current
>> version includes mail that is signed but has different domains between the
>> DKIM i= attribute and the rfc2822.From field. Presumably, this new capability
>> overrides whatever reputation is associated with the message signer.
>>
>> If a signer has a good reputation, then why is that not sufficient for
>> enabling delivery? In other words, with a signature of a domain with a good
>> reputation, what threats is SSP trying to protect against?
>
> To the extent that the above is not sufficiently clear:
>
> All text that causes SSP to be applied to an already-signed
> message needs to be removed.
>
> A DKIM signature is a statement of responsibility. When a signature
> is present, an organization has taken responsibility for the message.
>
> Reconciling an existing signature against another identity field, such
> as rfc2822.From, moves the use of DKIM from statements about simple
> transit responsibility into assertions of content legitimacy and/or
> accuracy. This is out of scope for DKIM.
>
> d/
While I don't agree with Dave's proposal, I do think there may be a problem with the text. In particular, I am concerned about mailing list software that breaks signatures and resigns.

Dave's concern is over the definition of the message originator. If a reputation check of some form is done on a valid signature and found to be positive, I see no reason to continue the SSP process. On the other hand, if the reputation check returns neutral or negative, that could open a gaping hole in the specification, by avoiding checks that would have otherwise been performed that would have led to "suspicious".

Eliot

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
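The flow Eliot sketches above (a valid signature whose i= domain matches the rfc2822.From domain is first-party; a mismatched signer with positive reputation short-circuits SSP; a mismatched signer with neutral or negative reputation falls through to the SSP lookup) as an added Python example. It is not code from the thread, the SSP drafts, or any DKIM implementation. Cryptographic verification, the reputation source and the SSP lookup are passed in as callables because they are out of scope here; the `verify_stub`, `reputation_*` and `ssp_example_com` functions, the sample messages and the `example.com` / `lists.example.org` domains are all constructed for illustration.

```python
import email
from email.utils import parseaddr


def parse_dkim_tags(header_value):
    """Split a DKIM-Signature tag=value list into a dict.

    Folding whitespace inside values (b=, h=, ...) is dropped, which the
    DKIM tag-list grammar permits.
    """
    tags = {}
    for item in header_value.split(';'):
        if '=' not in item:
            continue
        name, value = item.split('=', 1)
        tags[name.strip()] = ''.join(value.split())
    return tags


def signing_identity_domain(tags):
    """Domain asserted by the i= tag; d= is the default when i= is absent."""
    ident = tags.get('i', '')
    if '@' in ident:
        return ident.rsplit('@', 1)[1].lower()
    return tags.get('d', '').lower()


def from_domain(msg):
    """Domain of the rfc2822.From address (empty string if unparsable)."""
    _, addr = parseaddr(msg.get('From', ''))
    return addr.rsplit('@', 1)[1].lower() if '@' in addr else ''


def same_or_subdomain(child, parent):
    return bool(parent) and (child == parent or child.endswith('.' + parent))


def evaluate(raw_message, verify, reputation, ssp_requires_signature):
    """Return (verdict, reason) for one message.

    verify(msg)                  -> True if the DKIM signature validates
    reputation(domain)           -> 'positive' | 'neutral' | 'negative'
    ssp_requires_signature(dom)  -> True if dom publishes an SSP saying its
                                    mail must carry its own signature
    """
    msg = email.message_from_string(raw_message)
    author_domain = from_domain(msg)
    sig = msg.get('DKIM-Signature')
    if sig and verify(msg):
        signer = signing_identity_domain(parse_dkim_tags(sig))
        if same_or_subdomain(signer, author_domain):
            return ('accept', 'first-party signature from %s' % signer)
        if reputation(signer) == 'positive':
            # Eliot's point: a positive reputation on the signer ends the
            # SSP process even though i= and From do not match.
            return ('accept', 'third-party signer %s has positive reputation; '
                              'SSP not consulted' % signer)
        # Neutral or negative reputation on a mismatched signer: keep going,
        # otherwise the SSP check that would have flagged this is skipped.
    if ssp_requires_signature(author_domain):
        return ('suspicious', 'SSP for %s requires a signature from that domain'
                              % author_domain)
    return ('neutral', 'no SSP constraint for %s' % author_domain)


# --- constructed sample messages (fake bh=/b= values, not real signatures) ---

LIST_RESIGNED = """\
From: Alice <alice@example.com>
To: dkim-talk@lists.example.org
Subject: list traffic re-signed by the list host
DKIM-Signature: v=1; a=rsa-sha256; d=lists.example.org; s=sel;
 i=@lists.example.org; h=from:to:subject; bh=ZmFrZQ==; b=ZmFrZQ==

hello
"""

FIRST_PARTY = """\
From: Alice <alice@example.com>
To: bob@example.net
Subject: direct mail
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel;
 i=alice@example.com; h=from:to:subject; bh=ZmFrZQ==; b=ZmFrZQ==

hello
"""

UNSIGNED = """\
From: Alice <alice@example.com>
To: bob@example.net
Subject: no signature at all

hello
"""


def verify_stub(msg):
    """Constructed stand-in for cryptographic DKIM verification."""
    return True


def reputation_good(domain):
    return 'positive' if domain == 'lists.example.org' else 'neutral'


def reputation_none(domain):
    return 'neutral'


def ssp_example_com(domain):
    """Constructed SSP: only example.com says 'all my mail is signed by me'."""
    return domain == 'example.com'


if __name__ == '__main__':
    for name, raw in (('list', LIST_RESIGNED), ('first', FIRST_PARTY), ('unsigned', UNSIGNED)):
        print(name, evaluate(raw, verify_stub, reputation_good, ssp_example_com))
        print(name, evaluate(raw, verify_stub, reputation_none, ssp_example_com))
```

Running it shows the two cases the thread is arguing about side by side: the list-resigned message is accepted when the list host has a positive reputation and flagged "suspicious" when it does not, while the first-party message is accepted regardless of reputation because the i= domain and the From domain agree.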
