Unfortunately this message is one that is useful to my organization.
With thousands of small businesses that don't have the capability to
manage their own DNS, mail, DKIM signing they will have to rely on the
ISP to provide that for them. An ISP may find it easier to publish a
single sign.isp.com public key and put an ssp record in the business
domain that indicates 3rd party signing.
Now on the receiver side, it will depend on the implementation whether
SSP is checked at all. There is room for a threat model there.
Thanks
Bill Oxley
Messaging Engineer
Cox Communications
-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Patrick Peterson
Sent: Friday, December 07, 2007 6:19 AM
To: dcrocker(_at_)bbiw(_dot_)net; ietf-dkim(_at_)mipassoc(_dot_)org
Subject: [ietf-dkim] Discussing what someone said about SSP -
productive?
Among the various discussions I've had today, one comment
about SSP struck me
as worth wider consideration:
SSP is one organization's attempt to tell another
what it should do with mail that is from a third
organization.
I really struggle with comments like these, too. I don't believe this is
true but even more fundamentally I don't believe that discussing
"comments about SSP" is productive. We should be discussing how to build
the best SSP and these random comments engender long threads that leave
everyone frustrated and angry.
I think we all hear various comments about SSP but having the list
consider them without an acutal discussion of SSP issues is just not
productive.
(Again I'm attacking the message not the man. Please don't take this as
an ad hominem attack. It is certainly not meant as one and hopefully not
taken as one.)
pat
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html