ietf-dkim
[Top] [All Lists]

RE: [ietf-dkim] A few SSP axioms

2006-07-31 12:20:10
Making statements about a generalized 'other' that are thus irrebuttable due to 
lack of specificity is a bogus rhetorical move.


All SSP can do is to tell the recipient to expect a certain level of security.

I sign some mail is usefull provided you know which mail is and is not signed. 
The selector mechanism I have described allows those semantics.

What you cannot have is mail that does not have any selector.



-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org 
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of John L
Sent: Monday, July 31, 2006 10:02 AM
To: DKIM List
Subject: [ietf-dkim] A few SSP axioms

I have to say that the more discussion I see from advocates 
of SSP, the less I think that anyone really understands what 
it's supposed to do.

So here's the main SSP axiom that I think should be 
self-evident, but apparently isn't: other than the trivial 
(but useful) case of I send no mail, the most that SSP can 
tell you is that a signature is missing.

If a message has a signature, no amount of SSP can unsign it. 
 It might be able to say that a signature is missing, e.g., 
it's signed by your ISP but the SSP says it's supposed to be 
signed by you, too.

The other axiom is that any useful SSP statement (again 
excepting I send no mail) contains "all".  Statements like "I 
sign some mail" are useless, because they validate any 
message, signed or not.  Statements like "I sign no mail" are 
useless because recipients will already have figured that out 
when they see no signatures, or else your SSP is broken if 
they do see signatures.

Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The 
Internet for Dummies", Information Superhighwayman wanna-be, 
http://johnlevine.com, Mayor "I dropped the toothpaste", said 
Tom, crestfallenly.
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html



_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html