Dave Crocker wrote:
Jim Fenton wrote:
The goal of SSP is to determine the practices of the (alleged) author
of the message.
That certainly describes the engineering focus that has been taken for
the current draft. It does not necessarily represent the precise goal
of SSP:
RFC 5016:
While a DKIM signed message
speaks for itself, there is ambiguity if a message doesn't have a
valid first party signature (i.e., on behalf of the [RFC2822].From
address): is this to be expected or not?
This requirements statement is actually self-contradictory, since the
words "speaks for itself" rather explicitly means that any signature
is sufficient, while the rest of the sentence seems to mean that the
wishes of the purported author dominate.
This is not a requirements statement; you are quoting from the
introduction to RFC 5016, containing discussion leading up to the actual
requirements statements in section 5.
Whereas SSP began as a simple idea as a means of deciding whether an
unsigned message should have been signed, it has morphed into an
effort to validate the From field. That is a very, very different goal.
You have stated this before, leading to a long thread "Tracing SSP's
paradigm change." I have asked you more than once to cite the basis for
the alleged change, such as text from a previous draft describing this
"simple idea". I have not received a response; since you are alleging
that it has changed, it is up to you to support that allegation.
-Jim
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html