Stephen Farrell wrote:
So if, during the threat analysis, we identify some such
constraints that make life easier/better when combined with
some ssp options then we could consider standardising them,
or did you mean that any such constraints should be just up
to the individual implementer/signer?
That's pretty much how I view it. It's like which headers you sign:
there are some that are pretty obvious, but other that aren't and
it doesn't affect interoperability to have different signers have
different opinions that I can see. I'm somewhat skeptical that we'd
get a single answer that could be codified at this point, and the
amount of effort to get there could frankly be used on more
important problems, IMO.
Mike
_______________________________________________
ietf-dkim mailing list
http://dkim.org