Jim Fenton wrote:
It makes enormously good sense for us to seek to rein in rogue
independent third parties that have no relationship to the domain owner.
However to ask random recipients to enforce internal policies of the
domain owner seems considerably beyond what is reasonable for an
Internet scale protocol service.
It isn't the internal policy that we're seeking to enforce. It's that,
as a result of the fact that the internal policies are set up a
particular way, that makes it possible to detect other unauthorized uses
of the domain more directly. We may end up "enforcing" (your term, not
mine) internal policies in the process, but that's a side effect.
So, when I stood at the microphone and asked whether SSP was seeking to
recruit recipients in enforcing contractual arrangements between a signer and
their agents, and was told yes, that statement was incorrect?
This is merely one more example that, at base what we have here is a very
serious challenge for anyone seeking to obtain clear, precise and consistent
statements about SSP's purpose and use that have anything approaching working
NOTE WELL: This list operates according to