ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [ietf-dkim] Re: the entire world will change their mail systems so that SSP sort of works

2008-01-24 20:42:48
from [robert] [Permanent Link] 
Date: Thu, 24 Jan 2008 20:51:59 +0000> From: johnl(_at_)iecc(_dot_)com> To: 
ietf-dkim(_at_)mipassoc(_dot_)org> Subject: Re: [ietf-dkim] Re: the entire 
world will change their mail systems so that SSP sort of works> CC: 
MHammer(_at_)ag(_dot_)com> > >I'm not misrepresenting other peoples arguments 
at all. If the only> >signature on the message is from a 3rd party and there 
is an> >opportunity to check for the assertion of the purported From domain> 

that is not taken, that in fact is giving more weight ... to the> >signature 

of the third party ...> > Right. Let's look at the message you just sent, and 
imagine that the> list signed it with a mipassoc.org signature. Since I know 
that Dave> runs his lists well, I'm done. The "opportunity" to check 
something> else is irrelevant, as is the fact that the list would have 
broken> your signature.> 

So you've picked an example where you don't need to bother with SSP at all 
since you already have an existing trust relationship in place, and your 
existing systems give you what you would consider to be a valid answer given 
just DKIM and no policy or practices statements whatever.
If your answer is, that given this example you are not going to use SSP (and as 
an engineer I would probably recommend not mucking with any cases where your 
systems already do exactly what you want them to) that is fine. But given that, 
how does this have any bearing on what people should be doing in cases where 
they decide they do want to use SSP?
 
Let's modify the example a bit. Imagine that the message had been sent to you 
rather than through the mipassoc.org mailing list, but through some entity you 
knew nothing about, and that that entity had signed the message. 
 
Does the draft need to explain all the cases or reasons why someone might not 
bother to look up a policy at all?
 
 
 
 
Robert
 
 
_________________________________________________________________
Need to know the score, the latest news, or you need your Hotmail®-get your 
"fix".
http://www.msnmobilefix.com/Default.aspx
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [ietf-dkim] Reputation vs SSP, Douglas Otis
Next by Date:  Re: [ietf-dkim] from'less 2822 messages, SM
Previous by Thread:  Re: [ietf-dkim] Re: the entire world will change their mail systems so that SSP sort of works, Douglas Otis
Next by Thread:  Re: [ietf-dkim] Re: ISSUE 1521 -- Limit the application of SSP to unsigned messages, Charles Lindsey
Indexes:  [Date] [Thread] [Top] [All Lists]