Jim Fenton wrote:
If you go to the message that Pat Peterson wrote that started this
thread, that is exactly what some domains would like to do. They
consider SSP to be helpful to counter phishing [Please, let's not
re-open that question; it has been discussed to death] even if it is
ineffective with look-alike domains and such. The requirement for the
recipient to opt-in to have unsigned messages from their domains removed
diminishes that perceived benefit greatly.
(I mean to post a thank-you to Pat for his note. That kind of market research
is always helpful.)
Oddly, Pat's research adds an interesting challenge for the wg. End users state
They are not attempting to specify a path to achieve it. That's our job.
Standards groups often try to specify all of a complex solution, because they
are trying to respond exactly to the (imagined, perceived, or researched)
end-user's description of what they want. It is what usually kills really
interesting efforts, because the task is too complex, in its entirety, to do all
So, I claim, our challenge is to take the end-user desire and figure out an
initial deliverable that is as small as possible, while still providing real
utility to the end-user, even if that utility is not a complete "solution" to
whatever they have asked for.
NOTE WELL: This list operates according to