John L wrote:
I have to say that the more discussion I see from advocates of SSP,
the less I think that anyone really understands what it's supposed to do.
So here's the main SSP axiom that I think should be self-evident, but
apparently isn't: other than the trivial (but useful) case of I send
no mail, the most that SSP can tell you is that a signature is missing.
If a message has a signature, no amount of SSP can unsign it. It
might be able to say that a signature is missing, e.g., it's signed by
your ISP but the SSP says it's supposed to be signed by you, too.
The other axiom is that any useful SSP statement (again excepting I
send no mail) contains "all". Statements like "I sign some mail" are
useless, because they validate any message, signed or not. Statements
like "I sign no mail" are useless because recipients will already have
figured that out when they see no signatures, or else your SSP is
broken if they do see signatures.
These don't seem axiomatic in any way that I can tell. The latter is just an optimization of "I sign all of my mail". What is being lost here is that forensic information is often very useful, so there is a very clear difference between publishing a policy that says "I don't sign everything" and no policy at all from a forensic standpoint. Ditto with "I don't sign

Instrumenting protocols -- especially when you're not very sure of how the beast works -- seems like just plain good sense engineering.