[ietf-dkim] Re: Discussing what someone said about SSP
dhc at dcrocker.net
Fri Dec 7 07:16:27 PST 2007
Michael Thomas wrote:
> I'm sorry, but are you suggesting that romania.mafia.com has a legitimate
> voting right for their use of my domain name that SSP would take away
> from them illegally?
Are you saying that, at the time of SSP processing, you can know for certain
that that is the name and nature of the third party? If you are, please
explain the basis, because I do not see it.
My point, in highlighting the third party, is exactly to note that SSP is
based on some assumptions that attend only to the owner of the SSP record and
not to the third party whose mail is affected by that record.
As has been noted, ad nauseum, SSP will, at best, be an imperfect mechanism,
at least due to taking years to adopt broadly and, probably more importantly,
to broken signatures.
Giving one party a source of leverage on mail from a another is the very
nature of what SSP is seeking to do. Certainly it is mail not signed by the
first party. This perspective should raise warning flags.
That mail abuse is such an extreme problem is probably the only reason we
would consider such a mechanism, but we need to be careful that we do not use
it to entirely disenfranchise possibly legitimate mail senders.
More information about the ietf-dkim