[ietf-dkim] Attempted summary, SSP again
johnl at iecc.com
Thu Jan 26 17:55:44 PST 2006
>Right. So the question is, can a signature be constructed such that
>it doesn't interact with SSP to infer a binding above and beyond "I
>claim it passed through me"?
I'm increasingly getting the impression that we don't really
understand the semantics of SSP. If a domain uses SSP to say that it
signs everything, and a message from that domain has both the domain's
signature and someone else's, is that OK? I can easily imagine
interpretations of SSP that would go either way.
More information about the ietf-dkim