1. Signer/Validator practices "negotiation" scope
SSP's description of itself as including "how verifiers should... interpret
those results" states a scope of protocol semantics that is new to the IETF;
the protocol is not constrained to "interpret" with respect to defining what
the published information means, but rather is meant to guide, or even
mandate, how the mail receive-side participant should handle messages.
I believe the IETF has not previously standardized a specification which
attempts to have one network participant dictate the internal operating
behaviors of another, outside of the protocol interaction itself. As such,
efforts in this direction need to be careful, modest and incremental.
There have been some Internet publication mechanisms used that might be
thought to be similar to SSP. Most are third-party, centrally controlled
attribute or quality databases. These are an entirely different
administrative and information models from the self-published directive nature
of SSP.
To the extent that the above is not sufficiently clear:
The SSP specification needs to be modified to remove all directions for
recipient actions, instead limiting itself to statements about the actions of
a potential signer.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html