[ietf-dkim] The basic problem with SSP
pbaker at verisign.com
Fri Sep 8 12:02:50 PDT 2006
The sender of the message does not get to insist that the message be accepted.
The owner of the domain does get to state that legitimate messages are signed and to insist that it is extreemly likely that messages without authentication headers are forgeries intended to defraud the recipient.
> -----Original Message-----
> From: ietf-dkim-bounces at mipassoc.org
> [mailto:ietf-dkim-bounces at mipassoc.org] On Behalf Of Dave Crocker
> Sent: Friday, September 08, 2006 12:56 PM
> To: John Levine
> Cc: ietf-dkim at mipassoc.org
> Subject: Re: [ietf-dkim] The basic problem with SSP
> John Levine wrote:
> >> 2. I don't care about the breakage and I'd prefer you
> reject unsigned mail.
> > Not to put too fine a point on it, but the fundamental
> question here
> > is why should the recipient care what the sender claims he prefers?
> > Anytime you send e-mail to someone, you're basically asking
> them to do
> > you a large favor by investing the effort to accept and deliver it.
> > Senders don't get to set rules about what recipients can do.
> or will do or should do.
> bang on, John!
> discussion on the list continues to use a perspective that
> sounds like the sender gets to dictate things, rather than
> that the receiver has the option of using information.
> at every turn we should start by asking how a feature will
> benefit the receive-side and what our basis is for believing
> that they will *see* that benefit (and hence be motivated to use it)?
> Dave Crocker
> Brandenburg InternetWorking
> NOTE WELL: This list operates according to
More information about the ietf-dkim