ietf-dkim

Re: [ietf-dkim] Should DKIM drop SSP?

2005-10-27 07:50:42
On 10/26/2005 07:24 pm, Douglas Otis wrote:
On Oct 26, 2005, at 3:32 PM, Scott Kitterman wrote:
No we should not.

Is there anything in this line of reasoning that isn't duplicative of the
last time we went through your view on this in August?

At that time, if I recall, the problem was related to shared systems
and possible unfair accrual of reputation based upon the email-
address.  This issue was left open.  Since then, SSP has become more
disruptive of typical email use.  Unfortunately such disruption by
SSP is _required_ before benefits are derived with respect to
repudiating invalid messages.  Such disruption would not occur when a
relationship to the email message transport is used as the basis of
the policy, rather than the author.

Risks to valid messages associated with these policies and a lack of
a defensive strategy remain the greatest risks to a successful
outcome.  There are several that see From email-address authorization
mechanisms as the means for abating spam. I see this as a dead-horse,
but this aspiration has remained constant and seems to accompany a
willingness to inflict significant damage upon the email transport.

As you do not want SSP to drop policies related to the From header,
what are the trade-offs being made when SSP policies are applied in a
manner that allows repudiation of messages from Bad Actors?

Can you acknowledge the trade-off and defend this choice?

Sure there is an OPTION to make a trade-off.  The trade-off will be worth it 
for some domain owners and not for others.  If SSP was required and was 
required to limit signing to first party signers, then your concerns might 
have some traction, but AFAICT, none of that is the case.

I don't think it's really my job to defend SSP when so far everyone who's 
replied on the list is in favor of it.  I may be missing something, but I 
don't see anything new in your arguments.  Last time we went round and round 
on this it seemed to me that it really didn't go anywhere.  I don't 
particularly care to waste the time with another series of pointless e-mail 
exchanges.

Scott K
_______________________________________________
ietf-dkim mailing list
http://dkim.org