[ietf-dkim] SSP = FAILURE DETECTION
Douglas Otis
dotis at mail-abuse.org
Tue Sep 12 11:15:21 PDT 2006
On Sep 12, 2006, at 10:59 AM, Hector Santos wrote:
>>> hmmmmmmmmm, unless I didn't follow you right, I fail to see the
>>> distinction or your point.
>>
>> I get mail that pretends to be from my bank. The SSP says the mail
>> is 100% pure non-forged. However, the DKIM-BASE signing domain is
>> not in my list of trusted signing domains. I get a warning that
>> this mail could be sent by a party that I have no relationip with.
>>
>> This may be a revolutionary concept to some, but a widely used
>> application called ssh has been using such tricks for 10 years.
>> Its approach to opportunistic authentication is not perfect for
>> purists, but it works for real people.
>>
>> Having gone in circles twice, I think this is a good time to step
>> out of this thread.
>
> That's fine by me Wietse, but keep in mind that you mistaken by
> continuing to use a magic wand to change an apple into an orange,
> by using reputation is part of the total solution when in fact, it
> is suppose to be out of scope in this WG.
Hector,
You have completely missed what was being said. Where do you even
see the word reputation?
-Doug
More information about the ietf-dkim
mailing list