[ietf-dkim] Re: ISSUE 1521 -- Limit the application of SSP to
unsigned messages
Wietse Venema
wietse at porcupine.org
Thu Jan 24 12:25:31 PST 2008
Arvel Hathcock:
> >> I would take this further: remove all text that says when to apply
> >> SSP. Instead, provide text that states the contribution that SSP
> >> can make under different conditions: mail with valid first-party
> >> signature, mail with valid third-party signature, and mail without
> >> valid signature.
> >>
> >
> > I mostly agree with Wietse's proposal. Yes, I'm aware that diverges
> > sharply from the current draft.
>
> I could get behind Wietse's proposal also if it hadn't started with "I
> would take this further." I'm concerned with the "this" he refers to
> which encourages avoiding SSP completely in the presence of a verifiable
> signature from just anybody whom-so-ever. I view that notion as
> completely defeating SSP.
I am not discouraging SSP.
"take this further" refers to the deleted text that directly preceded it:
> > All text that causes SSP to be applied to an already-signed message
> > needs to be removed.
I propose that we remove not only this text but also other text
that says when to apply SSP.
Wietse
More information about the ietf-dkim
mailing list