On Oct 26, 2005, at 4:48 PM, Dave Crocker wrote:
Can you acknowledge the trade-off and defend this choice?
Can you demonstrate any support on the list for your proposal?
Those advocating use of SSP should be prepared to review disruptive
changes to email handling that will be entailed. SSP related
problems were not covered in the threat review prepared by Jim. From
initial concept to recent changes, details of SSP were not discussed
on the list. While From header email-address authorization has many
advocates, the number of these advocates is not the issue, it is the
integrity of the transport.
SSP does not need to be bound to the From header to repudiate
messages from Bad Actors. Signing policy could be standardized to
permit RFC2822 conventions for headers related to the message's
introduction into the transport. With that choice in mind...
Is an originator's email-address better verified with OpenPGP or S/MIME?
What damage does SSP cause the email message transport system?
-Doug
_______________________________________________
ietf-dkim mailing list
http://dkim.org