On Sat, 2006-04-29 at 08:38 +0200, Eliot Lear wrote:
> This seems to me to be a poor man's version of SSP, and I would think
> that we would consider it in such a context. But even if we were to
> consider this now, wouldn't different selectors cover this ground?

It is unknown whether an SSP record can be discovered when investigating
email-addresses found within the message. The DKIM signature is not
required to have any relationship with an email-address however, which
is good.

The possible independence of the email-address also means that when the
email-address's SSP allows third-party signing, SSP could be worthless
at establishing _any_ level of trust, even when the signer is well-known
and trusted and willing to vouch for the source. The r= parameter would
allow the signing-domain far greater clout. After all, the
signing-domain is where the trust _must_ be derived. For many
email-addresses, SSP will offer _nothing_ in regard to trust. There is
real value in r=.

A selector tagging convention could be established, but it would not
offer as much flexibility as would the r= parameter. A key selector
cannot offer a range, where a common key could be used for different
levels of vetted sources when signed at the MTA, for example. A key
selector also does not have any relative merit, which would need to be
established by convention. A simple sequence of numbers already imparts
this relationship.

-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html