----- Original Message -----
From: "Douglas Otis" <dotis(_at_)mail-abuse(_dot_)org>
To: "Hector Santos" <hsantos(_at_)santronics(_dot_)com>
Cc: <ietf-dkim(_at_)mipassoc(_dot_)org>
Sent: Wednesday, November 02, 2005 1:19 PM
Subject: Re: [ietf-dkim] SSP acceptance chart
It is interesting that an invalid signature is offered greater access
than no signature. The invalid signature is even granted greater
acceptance than a valid third-party signature. Where there is no
policy, a third-party signature is given reduced acceptance to that
of no signature? This seems force the use of SSP and completely
ignore the reputation of the signing-domain, does it not?
Doug, you are mixing ABSTRACT concepts and SWAGS with concrete compliancy
and consistent concepts.
You need to get that straight first. I am thinking AUTOMATION based on
language and syntax. I'm trying to remove FUZZY LOGIC. REPUTATION is an
subjective abstract and learned concept.
We will continue to have this philosophical Administrator vs. Developer
conflicts because in my opinion, the #1 problem with email security begins
with the lack of compliancy and consistency "expectation" in the transaction
process. That is what got us here in the first place. That is the problems
we face with our software. That is the support issues we face in trying to
satisfy customers. That is by-far the problem we all see. You come from an
angle with a SOLUTION to a PROBLEM. I come from a angle where we first try
to reduce the PROBLEM. Its a akin to have a leak in your pipes. You might
want to try to inject some clogging agent, I will try to check my values and
washers first.
Once we work out the straight forward technical logic, then you work in
reputation ideas.
If you insist that REPUTATION comes before DKIM analysis, then we are back
to square one with the proverbial "chicken and egg" 821 vs. 822 design
decisions.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
_______________________________________________
ietf-dkim mailing list
http://dkim.org