[ietf-dkim] SSP sender expectations

Hector Santos hsantos at santronics.com
Tue Dec 4 05:54:33 PST 2007 

Patrick Peterson wrote:

> Not to speak for Scott K but I do not believe he was saying senders
> expected certainty about internal filtering. SSP explicitly says this is
> not the case.
> 
> Here's my spin:
> As a sender the ability for me to state my desired (NOT DICTATED)
> receiver policy increases the likelihood that this policy will be
> considered and honored.
> Senders that cannot state a desired (NOT DICTATED) receiver policy are
> guaranteed such a policy will not be considered nor honored.
> 
> I desire a SSP that allows senders to state strict/deny. I care not a
> whit what others do with such a policy but I feel it is beneficial
> because senders want to state such policies and I can build a better
> receiving system that takes it into account. Why should this be withheld
> from the Internet because others think it's not useful for them?

+1.  It really can't be that simple?  Could it?  I mean, why would I 
bother to the extremes of processing a DKIM header/body if the end 
result is indeterminate?  Its like getting a gun without bullets!

Mr. Levine is correct about one thing - SSP has been made overly complex 
to the point it is pretty a sure bet it is guaranteed to fail (not pass 
IETF certification).

In theory, there is two fundamental ideas here:

      - You sign, you expect me to check, you get judged!

      - if you don't sign, and you want me to check a policy
        and find that you were supposed too, you get judged!

But once you watered it down, then you begin to reduce the payoff and 
worth of the system. It becomes only beneficial in specialized 
operations with a high potential of abuse outside that specialization.

Oh..

PS: SSP does not dictate receiver behavior  :)

and the irony is that raw DKIM *does* dictate receive behavior!

The Receiver either processes DKIM or it doesn't.  But if it does, there 
is a militant inherent policy of "Ignore if Failure."  Forget that it 
was ever signed.

IMO, this inherent DKIM policy  defies logic and this makes SSP even 
harder to work out.  It is the #1 flaw of the system and in my book, 
possibly the ultimate consideration if DKIM will become widely adopted 
or not.  It policy, done to appease the mailing list people, will 
continue to be a thorn on DKIM's side until it is resolved or addressed 
by some means.

-- 
Sincerely

Hector Santos, CTO
http://www.santronics.com

More information about the ietf-dkim mailing list