Re: [ietf-dkim] SSP requirements

John Levine <johnl@iecc.com> Sat, 05 August 2006 06:04 UTC

Date: Sat, 05 Aug 2006 03:40:58 -0000
Message-ID: <20060805034058.861.qmail@simone.iecc.com>
From: John Levine <johnl@iecc.com>
To: ietf-dkim@mipassoc.org
Subject: Re: [ietf-dkim] SSP requirements
In-Reply-To: <44D404C8.6070401@mtcc.com>

>I can't gather requirements if I can't make any sense of what you're saying.

That's a reasonable concern.

The fog around SSP is so opaque that I'm really wondering if it
wouldn't make more sense to punt and wait for people to do enough
experiments to understand what turns out to be useful.

The first open question is when a recipient would check a sender's
SSP.  It seems pretty clear that if a message is self-signed, there's
no need to check, and if it's completely unsigned you do want to
check.  But what if it's signed by a third party you trust?  (That's
the mailing list scenario.)  If a message is signed both by you and by
someone else I see no reason to treat that as anything other than a
self-signed message, but some people disagree for reasons that remain
unclear.

Assuming we can work that out, I hear reasonable unanimity on "I
send no mail", that is, if you get an unsigned message purporting
to be from me, it's a fake so throw it away.

I hear considerably less consensus on "I do send mail but throw it
away if it's not signed."  There's some sentiment for "if foo signs
it, then it's OK" although then we get into arguments about delegating
signing keys and the like.  I hear no consensus at all about anything
else.  There are lots of other true things one could say about one's
outgoing mail, but surprisingly little that's useful to recipients.

A spec with 1 2/3 bits of data doesn't impress me as worth writing.

R's,
John
