Dave Crocker wrote:
Jim,
Please read the following carefully and assume, just as a hypothetical,
that I might actually have a legitimate basis for the assessment being
offered and that there is a chance that your views are not automatically
correct:
Jim Fenton wrote:
The goal of SSP is to determine the practices of the (alleged) author
of the message.
That certainly describes the engineering focus that has been taken for
the current draft. It does not necessarily represent the precise goal
of SSP:
RFC 5016:
While a DKIM signed message
speaks for itself, there is ambiguity if a message doesn't have a
valid first party signature (i.e., on behalf of the [RFC2822].From
address): is this to be expected or not?
This requirements statement is actually self-contradictory, since the
words "speaks for itself" rather explicitly means that any signature is
sufficient, while the rest of the sentence seems to mean that the wishes
of the purported author dominate.
No it isn't. A signed message is a signed message. It doesn't say about
any relationship to any outside address. It speaks for itself. SSP is
about the subset of signatures that have a relationship with the From
address. Any signature is not sufficient by definition.
Whereas SSP began as a simple idea as a means of deciding whether an
unsigned message should have been signed, it has morphed into an effort
to validate the From field. That is a very, very different goal.
This is revisionist history. I've pointed to both of the historical
documents of IIM and DK which directly contradict you.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html