[ietf-dkim] ISSUE: ssp should not link "all" and third parties

Michael Thomas mike at mtcc.com
Wed Oct 31 12:55:41 PST 2007


In section 3, bullet two it says:

   2.  All messages from this domain are signed.  Messages containing a
       Verifier Acceptable Third-Party Signature MUST NOT be considered
       Suspicious.

IMO, this inappropriately links the existence of a third party signature to
the "all" signing practice. This is incorrect on several levels. First, saying
that you sign all of your mail is just a statement of fact; there is no need to
drag in the entire concept of third party signatures to make this fact an
interesting one. Second, I find no utility in the *sender* telling me that
a valid third party signature is required. Why is that even interesting? What
would a receiver do differently? I can't think of anything. "All" by itself
is useful to receivers as they can use that as a weaker indictment against an
unsigned message as input, say, to a spam filter.

My suggestion is to remove this linkage, and most preferable would be to
remove any notion of third party signatures altogether except maybe as a
vehicle to explain what a first party signature is.

       Mike

