From: Murray S. K. <ms...@se...> - 2007-08-06 22:34:07
Please confine future comments about the beta releases to the beta list.

On Mon, 6 Aug 2007, Mark Martinec wrote:
> Why burdening senders with a SSP query when originator signature
> verifies???

I used slightly too broad a stroke in describing this. The case I need to cover in particular is unsigned messages, which weren't covered in the previous code. We need to be able to tell if an unsigned message should have been signed. Before that it was applying DomainKeys logic which stipulated that you would only go to a policy lookup when a message failed verification.

Also, the fact that I do an SSP evaluation (i.e. call the dkim_policy() function) doesn't always result in a DNS query. To wit, step one of the algorithm laid out in section 4.4 of the draft says:

   1. If a valid Originator Signature exists, the message is
      non-Suspicious, and the algorithm terminates.

There's no DNS involved in that test so running the algorithm on all messages, even those that succeed, is not a burden to the sender.

-MSK