ietf-dkim

Re: [ietf-dkim] SSP complications, wa The URL to my paper ...

2006-07-28 06:34:54
On Friday 28 July 2006 00:22, John Levine wrote:
>> Yes.  What I want as a small domain owner is the ability to publish a
>> policy record that says that for mail sent (for some definition of sent
>> that we will probably have to argue about later) from my domain, the
>> domain(s) authorized to sign are ...
>
> Once again I ask: what possible use could a recipient make of this
> assertion?
>
> If your ISP signs your mail and, for whatever reason, the recipient likes
> the ISP's domain, they'll accept your mail.  If not, they'll filter or
> reject it.  How would an SSP assertion change that?
>
> On the other hand, if your mail passes through some other relay or
> forwarder which signs your mail on the way through, would you want the
> recipient then to reject your mail?  If so, why?  If not, what point
> is there to publish a list of signers?

I think that's an argument against the concept of SSP in general and not this 
specific requirement.  I thought that issue had been settled.

The point is to put small non-technical domain owners on an equal policy 
footing with domain owners with the ability to run dedicated mail servers.  
The difference between first party and third party is that in first party the 
signing domain is assumed to be authorized by the sending domain to do so 
since they are the same.  I think there should be a way to make the same 
assertion explicitly for some external entity.

In terms of usage, I would expect mail signed by a third party that is 
explicitly authorized to be treated the same as first party signatures.

Your argument seems to me to be that it's all going to come down to a 
reputation system anyway so why bother with policy at all.  I understand that 
argument and do not agree with it.

Scott K
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html