ietf-dkim

[ietf-dkim] Assessing Policy Vs Reputation Assertions

2009-10-15 07:40:50
Charles Lindsey wrote:

On Wed, 14 Oct 2009 14:27:01 +0100, John R. Levine 
<johnl(_at_)iecc(_dot_)com> wrote:

No, ADSP adds the ability for senders to make unverified assertions
about their signing practices.  Unless you already have some
knowledge about  the domain, you have no idea whether it would be
useful to believe it.


On the contrary, it adds the ability for domain owners to make those  
assertions. Assuming that the domain owner has control of his own DNS  
records, those assertions are as reliable as the reputation of the  
relevant Domain Registrar (you can argue about how reliable that is, if  
you wish).

+1.

It sounds like everyone is saying the same thing in different ways.

I like to view it as a failure to detect a positive assertion.

For Policy, the classic "Expect Only Signatures From Me" and you don't 
see one as the same as some Reputation concept that says "Mail Signed 
by Acme.Com can be trusted" but you also don't see that signature.

In both cases, it's failure detection of Policy and/or Reputation 
assertions.

--
Hector Santos, CTO
http://www.santronics.com

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
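
The equivalence drawn in the message above, as an added example that is not part of the original post: a receiver-side check that reports every positive assertion about the author domain (ADSP policy or a local reputation entry) that a message fails to back up with an Author Domain Signature. The function names, the `trusted_signers` list and the `.example` domains are assumptions made for illustration; DKIM verification and the DNS lookup are assumed to have happened elsewhere.

```python
import re

# ADSP "dkim=" practices defined in RFC 5617; anything else is treated as "unknown".
ADSP_PRACTICES = {"unknown", "all", "discardable"}


def parse_adsp(txt):
    """Simplified parser: return the dkim= practice of an ADSP TXT record."""
    if not txt:
        return "unknown"  # no record published means no assertion was made
    m = re.match(r"\s*dkim\s*=\s*([A-Za-z0-9-]+)", txt)
    value = m.group(1).lower() if m else "unknown"
    return value if value in ADSP_PRACTICES else "unknown"


def undetected_assertions(author_domain, verified_signers, adsp_txt, trusted_signers):
    """Return the positive assertions about author_domain that the message fails to meet.

    verified_signers: d= domains of the DKIM signatures that verified.
    adsp_txt: TXT record found at _adsp._domainkey.<author_domain>, or None.
    trusted_signers: hypothetical local reputation list of signer domains.
    """
    author = author_domain.lower().rstrip(".")
    signers = {d.lower().rstrip(".") for d in verified_signers}
    if author in signers:
        return []  # Author Domain Signature present: nothing is missing

    missing = []
    practice = parse_adsp(adsp_txt)
    if practice in ("all", "discardable"):
        # Policy: "expect only signatures from me", and none was seen.
        missing.append(("policy", practice))
    if author in {d.lower().rstrip(".") for d in trusted_signers}:
        # Reputation: "mail signed by this domain can be trusted", and it is not signed.
        missing.append(("reputation", "trusted-signer"))
    return missing


if __name__ == "__main__":
    # Constructed sample: unsigned mail claiming an author domain known to both sources.
    print(undetected_assertions("acme.example", [], "dkim=all", {"acme.example"}))
```

Both sources produce the same kind of finding, a signature that was expected and not seen; what the receiver does with it remains a local decision.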
