ietf-dkim

RE: [ietf-dkim] Re: ISSUE 1521 -- Limit the application of SSP to unsigned messages

2008-01-24 15:17:43




Date: Thu, 24 Jan 2008 13:31:48 -0500
From: hsantos(_at_)santronics(_dot_)com
To: robert(_at_)barclayfamily(_dot_)com
CC: dcrocker(_at_)bbiw(_dot_)net; ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] Re: ISSUE 1521 -- Limit the application of SSP to 
unsigned messages

robert(_at_)barclayfamily(_dot_)com wrote:

But I think there are a sufficient number of cases where domain owners 
may want to make statements not just about mail that is not signed, but 
about mail that is not signed by them.

Are you kidding me?  I am willing to bet that given the opportunity to 
do so, they will immediately apply strong SIGNING requirements to their 
mail, IFF the receivers are going to HONOR the policies.


I could be wrong, but I think we agree here. What I meant was, many domain 
owners will want their policies to apply to all mail not signed by them (which 
includes both unsigned mail and mail signed by third parties).

Where we may disagree is in the other part of my statement, which isn't quoted 
here. I think limiting the SSP spec to a description of how to retrieve the 
data, and under what situations it is applicable is sufficient. I don't think 
we need to say explicitly what to do when you encounter a specific policy. I 
think most domain owners who want a strict policy will create one if they think 
it will help prevent problems with ANY receiver who is significant to them.



If we have such a relaxed mode of operation, bad guys just have to run 
in legacy mode.  No adaption required.

We are erroneously presuming everyone is going to depend on DKIM being 
tied to reputation services and, in my view, this is going to be the biggest 
mistake we make here.


-- 
Sincerely

Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html