ietf-dkim

Re: [ietf-dkim] New Issue: 4.2 needs new Attack Item: InconsistentSignature vs Policy Attacks

2006-01-30 14:34:17

----- Original Message -----
From: "william(at)elan.net" <william(_at_)elan(_dot_)net>

SSP is ability to indicate policy for email address, i.e. when you see
address in from you can check to find if emails from that address are
supposed to be signed. If you only check policy record when you see a
signature - this pretty much breaks the reason for having such policy
record in the first place.

I believe Tony's suggestion (which was already discussed 6+ months ago)
is to include the SSP as part of key lookup DNS record as an optimization
feature.

The problem is 3rd party signatures.  The OA may not want to have
3rd party Key signers defining the signing policy.  So you need to key
it separate.

When discussed in the past, it was all about reducing the SSP lookups.
As it seemed to me, there was a big resistance in doing additional
lookups.

I agreed, but my only point then was that we should put optimization
aside to work out all the ideal boundary conditions first to remove all
protocol loopholes. Then you optimize it, and if that's not possible and
makes the entire process impractical, then you throw the idea away and
go back to the drawing board. :-)

But the worst thing to do is to ignore it and/or make it all optional
because that would be the easiest thing to do.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com


