[ietf-dkim] Responsibility concerns with Designated SigningDomains
mike at mtcc.com
Sat Aug 26 09:18:47 PDT 2006
Bill.Oxley at cox.com wrote:
>DKIM has nothing to do with reputation, reputation providers may want to
>use DKIM as part of their processing technologies but that is their
>issue/point of failure. I want something that allows me to accurately
>identify who decided to send me a piece of mail.
>What I choose to do with that identification is internal to me as a
>Any negative assertions by the DKIM signer may be helpful for me to
>classify the material I have received.
DKIM base provides the ability for you to determine who's handle a message
in transit just by the fact that it accrues signatures from the domains
through who choose to sign. You don't need anything more to achieve what
you're asking for.
SSP goes beyond that and informs the receiver about the signing domains
which also allows you to potentially correlate what to expect from the
Maybe the overall problem here is that we're conflating the information
SSP and the correlation that a receiver might want educe from that.
Maybe we should say that
SSP is *only* about the practices information service of the *actual*
question. From that standpoint, it doesn't make much sense for that
domain to speak
of the practices of other domains -- that's their SSP record's job.
More information about the ietf-dkim