[ietf-dkim] SSP security relies upon the visual domain appearance

[Douglas Otis]

On Tue, 2005-11-22 at 22:56 -0600, Arvel Hathcock wrote:
> > Requiring an email-address owner
> 
> Doug, I'm not convinced there is such a thing as an "email-address owner" to 
> which you often refer.   I don't think I know any "email-address owners".  I 
> know plenty of "domain owners" though.  Many of those choose to partition 
> out email access to their domain using a concept known as a "mailbox" to 
> which an "email-address" serves as a pointer.  In a lot of cases, those 
> pointers are assigned to people for their use.  But they don't own them and 
> aren't entitled to them.  Email address use exists at the pleasure of and 
> according to the policies of the domain owner and noone else.  Those who 
> believe they own their email address will find out different when they lose 
> their job or stop paying their ISP for service.  Should I ask Yahoo if I own 
> arvelh at yahoo.com?  Can I argue that I needn't comply with their usage 
> restrictions because I "own" arvelh at yahoo.com and can do with it as I 
> please?

By email-address owner I was attempting to draw a distinction between
the domain owner running the email server from the domain owner
establishing email-addresses.  The email-address owner often employs the
services of the domain owner running the email server.  For DKIM, this
distinction could be seen by a different domain signing the message from
the domain of the email-address.  It could be said each own their
domain.  Perhaps I should keep saying email-address domain owner.  

-Doug