Re: [ietf-dkim] Tracing SSP's paradigm change
Jim Fenton <fenton@cisco.com> Tue, 04 December 2007 22:31 UTC
Return-path: <ietf-dkim-bounces@mipassoc.org>
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IzgIq-0004eV-1X for ietf-dkim-archive@lists.ietf.org; Tue, 04 Dec 2007 17:31:44 -0500
Received: from mail.songbird.com ([208.184.79.10]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IzgIp-0001bn-Ha for ietf-dkim-archive@lists.ietf.org; Tue, 04 Dec 2007 17:31:44 -0500
Received: from mail.songbird.com (sb7.songbird.com [127.0.0.1]) by mail.songbird.com (8.12.11.20060308/8.12.11) with ESMTP id lB4MT5bf026084; Tue, 4 Dec 2007 14:29:06 -0800
Received: from sj-iport-6.cisco.com (sj-iport-6.cisco.com [171.71.176.117]) by mail.songbird.com (8.12.11.20060308/8.12.11) with ESMTP id lB4MT3GM026069 for <ietf-dkim@mipassoc.org>; Tue, 4 Dec 2007 14:29:03 -0800
Received: from sj-dkim-1.cisco.com ([171.71.179.21]) by sj-iport-6.cisco.com with ESMTP; 04 Dec 2007 14:29:27 -0800
Received: from sj-core-5.cisco.com (sj-core-5.cisco.com [171.71.177.238]) by sj-dkim-1.cisco.com (8.12.11/8.12.11) with ESMTP id lB4MTRw4030950; Tue, 4 Dec 2007 14:29:27 -0800
Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by sj-core-5.cisco.com (8.12.10/8.12.6) with ESMTP id lB4MTH23013385; Tue, 4 Dec 2007 22:29:27 GMT
Received: from xfe-sjc-211.amer.cisco.com ([171.70.151.174]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 4 Dec 2007 14:29:19 -0800
Received: from dhcp-4066.ietf70.org ([10.21.87.89]) by xfe-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 4 Dec 2007 14:29:19 -0800
Message-ID: <4755D4B8.8060807@cisco.com>
Date: Tue, 04 Dec 2007 14:29:12 -0800
From: Jim Fenton <fenton@cisco.com>
User-Agent: Thunderbird 2.0.0.9 (Macintosh/20071031)
MIME-Version: 1.0
To: dcrocker@bbiw.net
Subject: Re: [ietf-dkim] Tracing SSP's paradigm change
References: <47549320.9000307@dcrocker.net> <475585A2.8040600@mtcc.com> <4755D0D4.4000005@dcrocker.net>
In-Reply-To: <4755D0D4.4000005@dcrocker.net>
X-Enigmail-Version: 0.95.5
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 04 Dec 2007 22:29:19.0560 (UTC) FILETIME=[1C8E3C80:01C836C5]
DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=1615; t=1196807367; x=1197671367; c=relaxed/simple; s=sjdkim1004; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=fenton@cisco.com; z=From:=20Jim=20Fenton=20<fenton@cisco.com> |Subject:=20Re=3A=20[ietf-dkim]=20Tracing=20SSP's=20paradigm=20change |Sender:=20; bh=cT7Em203082Ld/z+QTqJCIfXdeWykRlSdt3LYi9Lds4=; b=bRLweQV6L0fY4TclsmBwRQvlYY//U7B5dmGZhhJVp5zeb6vABJPTEquihe/e0WJJ5GxoHNon N1UCM11DPKOkZtm2FDcOq+BMdbqIolkUyH62eCuqNqrITdDPtEQYZiphdfLNDvQeZ1Wff5Fv9D 9lOPO9SGKQk6jg+QY22smqMVk=;
Authentication-Results: sj-dkim-1; header.From=fenton@cisco.com; dkim=pass ( sig from cisco.com/sjdkim1004 verified; );
Cc: DKIM IETF WG <ietf-dkim@mipassoc.org>, apps-review@ietf.org
X-BeenThere: ietf-dkim@mipassoc.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF DKIM Discussion List <ietf-dkim.mipassoc.org>
List-Unsubscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=unsubscribe>
List-Archive: <http://mipassoc.org/pipermail/ietf-dkim>
List-Post: <mailto:ietf-dkim@mipassoc.org>
List-Help: <mailto:ietf-dkim-request@mipassoc.org?subject=help>
List-Subscribe: <http://mipassoc.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@mipassoc.org?subject=subscribe>
Sender: ietf-dkim-bounces@mipassoc.org
Errors-To: ietf-dkim-bounces@mipassoc.org
X-Spam-Score: -1.0 (-)
X-Scan-Signature: 769a46790fb42fbb0b0cc700c82f7081
Dave Crocker wrote: > > > Michael Thomas wrote: >> Dave Crocker wrote: >> >>> 3. Scope and scale of query traffic >>> >>> SSP originally was constrained to apply only to unsigned mail. The >>> current specification applies to unsigned messages *and* signed >>> messages >>> where the DKIM i= domain name does not match the rfc2822.From >>> <addr-spec> >>> domain. This is a considerable change in the nature -- and >>> potentially >>> a considerable change in the amount of query traffic -- that SSP >>> causes. >> >> This has not changed in years. Maybe you've just become aware of it. And >> the problem here remains with unsigned traffic. Third party >> signatures are >> very rare beasts. > > The requirement to have i= match From domain was added between the -02 > and -03 versions, sometime during Fall 06 and Winter 07. > > On reviewing the working group archive, I have not succeeded in > finding any discussion either of changing the SSP paradigm to apply to > signed message or of the problematic selection of the rfc2822.From > field, rather than rfc2822.Sender field domain. > > I recall making a point a number of times in the working group, > verifying that the group agreed that SSP applied (only) to unsigned > messages. >From draft-allman-dkim-ssp-00.txt, dated July 9, 2005, section 1 paragraph 3: In the absence of a valid DKIM signature on behalf of the "From" address [RFC2822], the verifier of a message MUST determine whether messages from a particular sender are expected to be signed, and what signatures are acceptable. -Jim _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
- [ietf-dkim] Review of DKIM Sender Signing Practic… Dave Crocker
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… John Levine
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Scott Kitterman
- Re: [ietf-dkim] SSP sender expectations John Levine
- Re: [ietf-dkim] SSP sender expectations Scott Kitterman
- [ietf-dkim] Re: SSP sender expectations Frank Ellermann
- RE: [ietf-dkim] Review of DKIM Sender Signing Pra… Patrick Peterson
- Re: [ietf-dkim] SSP sender expectations Hector Santos
- RE: [ietf-dkim] Review of DKIM Sender Signing Pra… Patrick Peterson
- RE: [ietf-dkim] SSP sender expectations Patrick Peterson
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Charles Lindsey
- Re: [ietf-dkim] SSP sender expectations Hector Santos
- Re: [ietf-dkim] SSP sender expectations Hector Santos
- Re: [ietf-dkim] SSP sender expectations Wietse Venema
- RE: [ietf-dkim] Review of DKIM Sender Signing Pra… J D Falk
- RE: [ietf-dkim] SSP sender expectations J D Falk
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Michael Thomas
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Douglas Otis
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Michael Thomas
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Michael Thomas
- Re: [ietf-dkim] SSP sender expectations Hector Santos
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… John Levine
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Michael Thomas
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Jim Fenton
- RE: [ietf-dkim] SSP sender expectations J D Falk
- Re: [ietf-dkim] SSP sender expectations Hector Santos
- Re: [ietf-dkim] SSP sender expectations Wietse Venema
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… John L
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Eliot Lear
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Douglas Otis
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Michael Thomas
- Re: [ietf-dkim] SSP sender expectations Hector Santos
- Re: [ietf-dkim] SSP sender expectations Douglas Otis
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… John L
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Michael Thomas
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… John L
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Eric Allman
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Hector Santos
- [ietf-dkim] Tracing SSP's paradigm change Dave Crocker
- [ietf-dkim] Re: Tracing SSP's paradigm change Michael Thomas
- Re: [ietf-dkim] Tracing SSP's paradigm change Jim Fenton
- Re: [ietf-dkim] Re: Tracing SSP's paradigm change Dave Crocker
- Re: [ietf-dkim] Tracing SSP's paradigm change Dave Crocker
- [ietf-dkim] Comments on SSP Review BASIC ISSUES Arvel Hathcock
- Re: [ietf-dkim] Comments on SSP Review BASIC ISSU… Steve Atkins
- Re: [ietf-dkim] Tracing SSP's paradigm change Scott Kitterman
- RE: [ietf-dkim] Comments on SSP Review BASIC ISSU… Patrick Peterson
- Re: [ietf-dkim] Tracing SSP's paradigm change Michael Thomas
- Re: [ietf-dkim] Comments on SSP Review BASIC ISSU… Douglas Otis
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Charles Lindsey
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Charles Lindsey
- Re: [ietf-dkim] Review of DKIM Sender Signing =?i… Scott Kitterman
- Re: [ietf-dkim] Review of DKIM Sender Signing =?i… John Levine
- Re: [ietf-dkim] Review of DKIM Sender Signing =?i… Scott Kitterman
- [ietf-dkim] making SSP useless in one short step Michael Thomas
- [ietf-dkim] Re: making SSP useless in one short s… Dave Crocker
- Re: [ietf-dkim] making SSP useless in one short s… John Levine
- Re: [ietf-dkim] making SSP useless in one short s… Michael Thomas
- [ietf-dkim] Re: making SSP useless in one short s… Michael Thomas
- Re: [ietf-dkim] Tracing SSP's paradigm change Dave Crocker
- Re: [ietf-dkim] Tracing SSP's paradigm change John Levine
- Re: [ietf-dkim] Re: making SSP useless in one sho… Hector Santos
- [ietf-dkim] OT: apps-review (was: making SSP usel… Frank Ellermann
- Re: [ietf-dkim] Re: making SSP useless in one sho… Dave Crocker
- Re: [ietf-dkim] Re: making SSP useless in one sho… John Levine
- Re: [ietf-dkim] making SSP useless in one short s… Scott Kitterman
- Re: [ietf-dkim] Re: making SSP useless in one sho… Scott Kitterman
- Re: [ietf-dkim] Re: making SSP useless in one sho… Michael Thomas
- [ietf-dkim] Issue #1512: Re: making SSP useless i… Jim Fenton
- [ietf-dkim] Re: Issue #1512: Re: making SSP usele… Michael Thomas
- Re: [ietf-dkim] Tracing SSP's paradigm change Arvel Hathcock
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Arvel Hathcock
- Re: [ietf-dkim] Re: Issue #1512: Re: making SSP u… John Levine
- Re: [ietf-dkim] Re: making SSP useless in one sho… Arvel Hathcock
- Re: [ietf-dkim] Tracing SSP's paradigm change Dave Crocker
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Arvel Hathcock
- Re: [ietf-dkim] making SSP useless in one short s… Arvel Hathcock
- Re: [ietf-dkim] Re: making SSP useless in one sho… Arvel Hathcock
- Re: [ietf-dkim] Tracing SSP's paradigm change Arvel Hathcock
- Re: [ietf-dkim] Re: Issue #1512: Re: making SSP u… Dave Crocker
- Re: [ietf-dkim] Re: Issue #1512: Re: making SSP u… Arvel Hathcock
- Re: [ietf-dkim] Review of DKIM Sender Signing Pra… Charles Lindsey
- Re: [ietf-dkim] Review of DKIM Sender Signing =?i… Scott Kitterman
- Re: [ietf-dkim] Tracing SSP's paradigm change Michael Thomas
- Re: [ietf-dkim] Tracing SSP's paradigm change Dave Crocker
- Re: [ietf-dkim] Tracing SSP's paradigm change Michael Thomas
- Re: [ietf-dkim] Tracing SSP's paradigm change Steve Atkins
- Re: [ietf-dkim] Tracing SSP's paradigm change Michael Thomas
- Re: [ietf-dkim] Tracing SSP's paradigm change Dave Crocker
- Re: [ietf-dkim] Tracing SSP's paradigm change Steve Atkins
- Re: [ietf-dkim] Tracing SSP's paradigm change Scott Kitterman
- RE: [ietf-dkim] Signal to noise ratio Bill.Oxley
- Re: [ietf-dkim] Tracing SSP's paradigm change Scott Kitterman
- Re: [ietf-dkim] Tracing SSP's paradigm change Steve Atkins
- Re: [ietf-dkim] Tracing SSP's paradigm change Wietse Venema
- Re: [ietf-dkim] Tracing SSP's paradigm change Scott Kitterman
- Re: [ietf-dkim] Tracing SSP's paradigm change Hector Santos
- Re: [ietf-dkim] Tracing SSP's paradigm change Arvel Hathcock
- Re: [ietf-dkim] Tracing SSP's paradigm change Steve Atkins
- Re: [ietf-dkim] Tracing SSP's paradigm change Douglas Otis
- Re: [ietf-dkim] Tracing SSP's paradigm change Michael Thomas
- Re: [ietf-dkim] Tracing SSP's paradigm change Hector Santos
- threat modeling & use cases (was RE: [ietf-dkim] … J D Falk
- Re: [ietf-dkim] Tracing SSP's paradigm change Steve Atkins
- [ietf-dkim] Re: Tracing SSP's paradigm change Frank Ellermann
- Re: [ietf-dkim] Re: Tracing SSP's paradigm change Steve Atkins
- Re: [ietf-dkim] Re: Issue #1512: Re: making SSP u… Jim Fenton
- [ietf-dkim] Re: Tracing SSP's paradigm change Frank Ellermann
- Re: [ietf-dkim] Re: Issue #1512: Re: making SSP u… John L
- Re: [ietf-dkim] Re: Tracing SSP's paradigm change Scott Kitterman
- Re: threat modeling & use cases (was RE: [ietf-dk… Steve Atkins
- Re: threat modeling & use cases (was RE: [ietf-dk… Scott Kitterman
- Re: threat modeling & use cases (was RE: [ietf-dk… Steve Atkins
- Re: threat modeling & use cases (was RE: [ietf-dk… Dave Crocker
- Re: threat modeling & use cases (was RE: [ietf-dk… Hector Santos
- [ietf-dkim] Putting away the SSP Crystal Ball Patrick Peterson
- [ietf-dkim] Does nobody or everybody want SSP? Patrick Peterson
- RE: [ietf-dkim] Tracing SSP's paradigm change Patrick Peterson
- RE: [ietf-dkim] Tracing SSP's paradigm change Patrick Peterson
- RE: [ietf-dkim] Tracing SSP's paradigm change Patrick Peterson
- RE: [ietf-dkim] Tracing SSP's paradigm change Patrick Peterson
- [ietf-dkim] Next-generation SPF cabal Patrick Peterson
- Re: [ietf-dkim] Putting away the SSP Crystal Ball Dave Crocker
- Re: [ietf-dkim] Putting away the SSP Crystal Ball Scott Kitterman
- RE: [ietf-dkim] Next-generation SPF cabal Bill.Oxley
- Re: [ietf-dkim] Next-generation SPF cabal Scott Kitterman
- Re: [ietf-dkim] Next-generation SPF cabal Hector Santos
- [ietf-dkim] "no mail" (was: Next-generation SPF c… Frank Ellermann
- Re: [ietf-dkim] Tracing SSP's paradigm change Dave Crocker
- Re: [ietf-dkim] Tracing SSP's paradigm change Jon Callas
- [ietf-dkim] Re: Tracing SSP's paradigm change Frank Ellermann
- Re: [ietf-dkim] Re: Issue #1512: Re: making SSP u… Jeff Macdonald
- Re: [ietf-dkim] Re: Issue #1512: Re: making SSP u… John L
- Re: [ietf-dkim] Re: Issue #1512: Re: making SSP u… Hector Santos
- Re: [ietf-dkim] Re: Issue #1512: Re: making SSP u… Jon Callas
- RE: threat modeling & use cases (was RE: [ietf-dk… J D Falk
- Re: threat modeling & use cases (was RE: [ietf-dk… Steve Atkins
- RE: [ietf-dkim] Tracing SSP's paradigm change J D Falk
- RE: threat modeling & use cases (was RE: [ietf-dk… J D Falk
- Re: [ietf-dkim] Tracing SSP's paradigm change Mark Delany
- Re: [ietf-dkim] Tracing SSP's paradigm change Jim Fenton
- Re: threat modeling & use cases (was RE: [ietf-dk… Jim Fenton
- Re: [ietf-dkim] Tracing SSP's paradigm change Mark Delany
- Re: [ietf-dkim] Tracing SSP's paradigm change Jim Fenton
- Re: [ietf-dkim] Tracing SSP's paradigm change Jim Fenton
- Re: [ietf-dkim] Tracing SSP's paradigm change Mark Delany
- Re: [ietf-dkim] Hostile to DKIM deployment Jim Fenton
- Re: [ietf-dkim] Tracing SSP's paradigm change Dave Crocker
- [ietf-dkim] Re: Tracing SSP's paradigm change Frank Ellermann
- Re: [ietf-dkim] Tracing SSP's paradigm change Jim Fenton
- Re: [ietf-dkim] Tracing SSP's paradigm change Dave Crocker
- [ietf-dkim] Hostile to DKIM deployment Wietse Venema
- [ietf-dkim] Process Question Michael Thomas
- Issue 1527 - Threats (was Re: [ietf-dkim] Hostile… Dave Crocker
- Re: [ietf-dkim] Process Question Hector Santos
- Re: [ietf-dkim] Hostile to DKIM deployment Hector Santos
- Re: [ietf-dkim] Hostile to DKIM deployment Wietse Venema
- Re: [ietf-dkim] Process Question Dave Crocker
- Re: [ietf-dkim] Tracing SSP's paradigm change Michael Thomas
- Re: [ietf-dkim] Tracing SSP's paradigm change Hector Santos
- Re: [ietf-dkim] Hostile to DKIM deployment Hector Santos
- [ietf-dkim] ISSUE: minimal version of SSP, was Tr… John Levine
- Re: [ietf-dkim] Hostile to DKIM deployment Damon
- Re: threat modeling & use cases (was RE: [ietf-dk… Dave Crocker
- Re: [ietf-dkim] Process Question Stephen Farrell
- Re: [ietf-dkim] Hostile to DKIM deployment Wietse Venema
- Re: [ietf-dkim] Hostile to DKIM deployment Dave Crocker
- Re: Issue 1527 - Threats (was Re: [ietf-dkim] Hos… Hector Santos
- Re: Issue 1527 - Threats (was Re: [ietf-dkim] Hos… Stephen Farrell
- Re: Issue 1527 - Threats (was Re: [ietf-dkim] Hos… Dave Crocker
- Re: Issue 1527 - Threats (was Re: [ietf-dkim] Hos… Steve Atkins
- Re: Issue 1527 - Threats (was Re: [ietf-dkim] Hos… Michael Thomas
- Re: Issue 1527 - Threats (was Re: [ietf-dkim] Hos… Steve Atkins
- Re: Issue 1527 - Threats (was Re: [ietf-dkim] Hos… Dave Crocker
- Re: Issue 1527 - Threats (was Re: [ietf-dkim] Hos… John Levine