Date: Thu, 24 Jan 2008 13:31:48 -0500
From: hsantos(_at_)santronics(_dot_)com
To: robert(_at_)barclayfamily(_dot_)com
CC: dcrocker(_at_)bbiw(_dot_)net; ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] Re: ISSUE 1521 -- Limit the application of SSP to unsigned messages
robert(_at_)barclayfamily(_dot_)com wrote:
But I think there are a sufficient number of cases where domain owners
may want to make statements not just about mail that is not signed, but
about mail that is not signed by them.
Are you kidding me? I am willing to bet that given the opportunity to
do so, they will immediately apply strong SIGNING requirements to their
mail, IFF the receivers are going to HONOR the policies.
I could be wrong, but I think we agree here. What I meant was, many domain
owners will want their policies to apply to all mail not signed by them (which
includes both unsigned mail and mail signed by third parties).
Where we may disagree is in the other part of my statement, which isn't quoted
here. I think limiting the SSP spec to a description of how to retrieve the
data, and under what situations it is applicable is sufficient. I don't think
we need to say explicitly what to do when you encounter a specific policy. I
think most domain owners who want a strict policy will create one if they think
it will help prevent problems with ANY receiver who is significant to them.
If we have such a relaxed mode of operation, bad guys just have to run
in legacy mode. No adaption required.
We are erroneously presuming everyone is going to depend on DKIM being
tied to reputation services and, in my view, this is going to be the biggest
mistake we make here.
--
Sincerely
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html