Re: [ietf-dkim] user level ssp

Jim Fenton <fenton@cisco.com> Wed, 06 September 2006 22:52 UTC

Message-ID: <44FF4F3E.3000405@cisco.com>
Date: Wed, 06 Sep 2006 15:44:14 -0700
From: Jim Fenton <fenton@cisco.com>
To: "J.D. Falk" <jdfalk@yahoo-inc.com>
Subject: Re: [ietf-dkim] user level ssp
References: <198A730C2044DE4A96749D13E167AD37D3F5E3@MOU1WNEXMB04.vcorp.ad.vrsn.com> <44FF33E6.5030004@yahoo-inc.com>
In-Reply-To: <44FF33E6.5030004@yahoo-inc.com>
Cc: IETF-DKIM <ietf-dkim@mipassoc.org>

J.D. Falk wrote:
> On 2006-09-06 10:45, Hallam-Baker, Phillip wrote:
>
>> The main value I see in user level policy is easing phased
>> deployment. If you are a bank with 100,000 employees with email and
>> you want to deploy DKIM you probably want some form of hook that lets
>> you do it in stages.
>
> So they'll have 100,000 SSP records?
>
> Perhaps there's an easier, more flexible, more scalable hook...like
> "we don't sign all mail."
>

There's a subtlety in draft-allman-dkim-ssp-02 that if user-level SSP is
specified but no user-level record is found, it uses the domain-level
SSP.  So if there are a few exceptions to the domain-level SSP, you only
need to publish a few.  In any case, for your example, no more than
50,000 :-)

The aspect of user-level SSP that concerns me equally is the transaction
load.  When user-level SSP is "turned on", the verifier MUST query for a
user-level record in addition to the domain-level record.  User-level
queries are not as effectively cached, since these are queries for
individual addresses, not domains.

-Jim
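
The fallback and the query load described in the message above, as an added example that is not part of the original message or of the SSP draft. The dict stands in for DNS; its keys, the policy labels, the `bank.example` domain and the caching of "not found" answers are assumptions made for illustration.

```python
# Added example. The dict stands in for DNS; keys and policy labels are
# constructed and are not the record names or syntax of the SSP draft.
class Verifier:
    def __init__(self, records):
        self.records = records      # constructed "zone" data
        self.cache = {}             # assumes answers, including "not found", are cached
        self.upstream_queries = 0   # lookups that miss the cache

    def _query(self, key):
        if key not in self.cache:
            self.upstream_queries += 1
            self.cache[key] = self.records.get(key)
        return self.cache[key]

    def policy_for(self, address):
        local, domain = address.rsplit("@", 1)
        dom = self._query(("domain", domain))
        if dom is None:
            return None                          # no SSP published at all
        if not dom["user_level"]:
            return dom["policy"]                 # domain record is the whole answer
        user = self._query(("user", local, domain))
        # No user-level record found: fall back to the domain-level policy.
        return user if user is not None else dom["policy"]


def simulate(user_level, senders=100, messages_each=3):
    """Return (upstream query count, per-address policy) for one domain."""
    records = {
        ("domain", "bank.example"): {"policy": "signs-all", "user_level": user_level},
        # Only the exceptions are published, as the message describes.
        ("user", "user7", "bank.example"): "signs-some",
        ("user", "user42", "bank.example"): "signs-some",
    }
    verifier = Verifier(records)
    seen = {}
    for _ in range(messages_each):
        for n in range(senders):
            addr = f"user{n}@bank.example"
            seen[addr] = verifier.policy_for(addr)
    return verifier.upstream_queries, seen


if __name__ == "__main__":
    for flag in (False, True):
        queries, seen = simulate(flag)
        print(f"user_level={flag}: {queries} upstream queries for {len(seen) * 3} messages")
```

With user-level SSP off, one cached domain answer covers every sender; with it on, each distinct address costs its own upstream query even when the answer is "no record".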