Jim Fenton wrote:
SSP is about providing advice in the absence of sufficient trust to just
accept/deliver the message.
Jim, that statement seems very much at odds with the current text and with the
pattern of comments about it from supporters of the current text.
The current text makes no explicit statements about 'trust' and no statements
about relative application of SSP.
The closest it comes is the implicit statement that if the From: domain does
not equal the DKIM domain (i=, I guess) then you should be 'suspicious', which
translates into 'have little trust'.
In other words, the model of the current specification is really to say that a
receiver should mistrust a message that isn't signed by its author.
Everything in the language and direction of the current specification derives
from this perspective.
This is a fair point. We need some words that don't create a normative
dependency on reputation and accreditation systems that are out of
scope. Suggestions welcomed.
If the specification is restricted to statements of the type "here is what I,
an author domain, do, in case you, a receiver, find it useful to know" then
these issues become greatly simplified.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net