ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] A few SSP axioms

2006-08-01 08:48:06
from [Dave Crocker] [Permanent Link] 


Damon wrote:

...So I
want to say- Trust my signature but expressly distrust my providers
signature if not also signed by me. Both messages, mine and the spammers
are genuine and unchanged, signed by my provider, but only my signed
messages are valid.


SSP is not about "trust".  SSP does not provide instructions to recipients.

SSP makes declarations about the practices by the sender.

In the specific scenario you describe, the trustworthiness of your operator is
something that will be assessed by the receive-side component that uses the
validated signature(s).

d/
-- 

  Dave Crocker
  Brandenburg InternetWorking
  bbiw.net
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] Are verifiers expected to query SSP on a successful verify?, Dave Crocker
Next by Date:  Re: [ietf-dkim] Are verifiers expected to query SSP on a successful verify?, Michael Thomas
Previous by Thread:  Re: [ietf-dkim] A few SSP axioms, Hector Santos
Next by Thread:  Re: [ietf-dkim] A few SSP axioms, John Levine
Indexes:  [Date] [Thread] [Top] [All Lists]