Steve Atkins wrote:
The first step would be a group consensus on what the threats are
("what SSP is supposed to be for"), or at least a superset of what
most people think.
Actually, I think that's the LAST step. My hypothesis is that different
types of signers and/or verifiers (different use cases) perceive
different threats.
Hector Santos wrote:
When I wrote the (now expired I-D) I-D DSAP (DKIM Sender Authorization
Protocol) draft:
http://www.isdg.net/public/ietf/drafts/draft-santos-dkim-dsap-00.html
http://www.isdg.net/public/ietf/drafts/draft-santos-dkim-dsap-00.txt
the main reason was to officially highlight the concerns and hopefully
they would be considered for SSP.
Thanks, this'll be a great starting point. Now I just hope I can find
the time....
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html