I'll take a shot at these...
Dave Crocker wrote:
1. Is the SSP specification intended (or allowed) to modify the
semantics of the DKIM Base specification (RFC 4871)?
I am hoping that folks do *not* intend to change the semantics
of the base specification, since any change will disrupt adoption of
the base.
I thought we had been very clear about this: SSP is intended to provide
additional information beyond that in the signature(s), and particularly
in the absence of an originator signature.
2. Does RFC 4871 contain any claims that a DKIM signature carries
a claim by the signer that any of the body or header content is
"correct" or "truthful"?
I ask because I believe it does not carry any such claim and
that, rather, a DKIM signature asserts a very generic degree of signer
"responsibility" which does not extend to formal claims of correctness.
4871 indeed uses a broad notion of "responsibility". However, in the
case where the signing address is the same* as some other header field,
such as 2822.From, I don't see how a signer can be responsible for a
message that uses its own address without an implied claim that the
address is correct.
* "same" meaning that the i= address is either the identical, or that
the i= address has the same domain if i= has no specified local part.
-Jim
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html