[ietf-dkim] Re: ISSUE 1521 -- Limit the application of SSP to
unsigned messages
Michael Thomas
mike at mtcc.com
Thu Jan 24 12:40:39 PST 2008
Arvel Hathcock wrote:
>>> I would take this further: remove all text that says when to apply
>>> SSP. Instead, provide text that states the contribution that SSP
>>> can make under different conditions: mail with valid first-party
>>> signature, mail with valid third-party signature, and mail without
>>> valid signature.
>>>
>>
>> I mostly agree with Wietse's proposal. Yes, I'm aware that diverges
>> sharply from the current draft.
>
> I could get behind Wietse's proposal also if it hadn't started with "I
> would take this further." I'm concerned with the "this" he refers to
> which encourages avoiding SSP completely in the presence of a verifiable
> signature from just anybody whom-so-ever. I view that notion as
> completely defeating SSP.
I'm rather uncomfortable with this as the "contribution" is likely to
be rather subjective, and I've been burned before with the IESG thinking
that that kind of text amounted to so much salesmanship, and puked on
it.
Mike
More information about the ietf-dkim
mailing list