[ietf-dkim] Should DKIM drop SSP?
ietf-dkim at kitterman.com
Thu Oct 27 07:46:35 PDT 2005
On 10/26/2005 07:24 pm, Douglas Otis wrote:
> On Oct 26, 2005, at 3:32 PM, Scott Kitterman wrote:
> > No we should not.
> > Is there anything in this line of reasoning that isn't duplicative
> > of the last
> > time we went through your view on this in August?
> At that time, if I recall, the problem was related to shared systems
> and possible unfair accrual of reputation based upon the email-
> address. This issue was left open. Since then, SSP has become more
> disruptive of typical email use. Unfortunately such disruption by
> SSP is _required_ before benefits are derived with respect to
> repudiating invalid messages. Such disruption would not occur when a
> relationship to the email message transport is used as the basis of
> the policy, rather than the author.
> Risks to valid messages associated with these policies and a lack of
> a defensive strategy remain the greatest risks to a successful
> outcome. There are several that see From email-address authorization
> mechanisms as the means for abating spam. I see this as a dead-horse,
> but this aspiration has remained constant and seems to accompany a
> willingness to inflict significant damage upon the email transport.
> As you do not want SSP to drop policies related to the From header,
> what are the trade-offs being made when SSP policies are applied in a
> manner that allows repudiation of messages from Bad Actors?
> Can you acknowledge the trade-off and defend this choice?
Sure there is an OPTION to make a trade-off. The trade-off will be worth it
for some domain owners and not for others. If SSP was required and was
required to limit signing to first party signers, then your concerns might
have some traction, but AFAICT, none of that is the case.
I don't think it's really my job to defend SSP when so far everyone who's
replied on the list is in favor of it. I may be missing something, but I
don't see anything new in your arguments. Last time we went round and round
on this it seemed to me that it really didn't go anywhere. I don't
particularly care to waste the time with another series of pointless e-mail
More information about the ietf-dkim