Wietse Venema wrote:
I don't think SSP is hostile to the DKIM deployment, but helps its
deployment because it will at least provide some avenue of protection
for domains and receivers who don't wish to get into 3rd Party Trust
Service dependencies where there is no standard definition and
absolutely no guarantee of consistent results.
By the way, speaking of trust and reputation services:
SSP does not say that my bank's domain belongs to a real bank.
SSP does not say that a criminal's domain belongs to a fake bank.
SSP does not help me decide which bank is real.
+1
If anything requires a reputation service, then it is SSP not DKIM.
DKIM can manage just fine with a local whitelist.
I think SSP is part of the non-repudiation process for the DKIM domain
in how it expected his mail was to be analyzed by the receiver.
I also think the assessment is a different layer that can apply with or
without DKIM or DKIM/SSP and before or after.
The effort to "tie" the valid signature with a reputation service is a
worthy endeavor; however, there are implementation and security concerns
around this model, mostly associated with anonymous transactions where there is
no "rap sheet" yet established.
So in my view, DKIM + SSP + REPUTATION all complement each other.
--
Sincerely
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html