Mark Delany wrote:
Having the signer or the ssp publishes tell the evaluator what they should do
with a message is not a good idea
Why do you say that Dave?
If SSP is not giving guidance/information to receivers/evaluators, who
then is the target audience for SSP? And what do we want them to do
with the information?
An interesting twist to "telling evaluators", as you put it, is that
SSP is a negative indicator. It's telling evaluators *not* to deliver
unless the right conditions are met. Why would an "evaluator" be
suspicious of a domain that encourages non-delivery of its own traffic
when in doubt?
The signer knows everything there is about their own behaviors. They cannot
know very much about the context, needs, preferences, or much else about the
evaluator. Therefore they cannot know very much about what the evaluator
"should" do with a message.
Seriously. SSP can be entirely useful when stated in terms of the sender's
perspective. It does not need to pretend that is knows enough to give
directions to an evaluator.
We have done quite a good job, so far, of distinguishing statements about
signing from statements about delivery or non-delivery. The issue is not
whether the evaluator might be "suspicious" of a direction to perform
non-delivery. It is that it crosses a line into making presumptions about the
evaluator that a) the Internet technical community does not have experience
with, and b) we do not need to cross.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html