[ietf-dkim] Re: ISSUE 1521 -- Limit the application of SSP to
unsigned messages
robert at barclayfamily.com
robert at barclayfamily.com
Thu Jan 24 14:03:13 PST 2008
> Date: Thu, 24 Jan 2008 13:31:48 -0500
> From: hsantos at santronics.com
> To: robert at barclayfamily.com
> CC: dcrocker at bbiw.net; ietf-dkim at mipassoc.org
> Subject: Re: [ietf-dkim] Re: ISSUE 1521 -- Limit the application of SSP to unsigned messages
>
> robert at barclayfamily.com wrote:
>
> > But I think there are a sufficient number of cases where domain owners
> > may want to make statements not just about mail that is not signed, but
> > about mail that is not signed by them.
>
> Are you kidding me? I am willing to bet that given the opportunity to
> do so, they will immediately apply strong SIGNING requirements to their
> mail, IFF the receivers are going to HONOR the policies.
>
I could be wrong, but I think we agree here. What I meant was, many domain owners will want their policies to apply to all mail not signed by them (which includes both unsigned mail and mail signed by third parties).
Where we may disagree is in the other part of my stgatement, which isn't quoted here. I think limiting the SSP spec to a description of how to retrieve the data, and under what situations it is applicable is sufficient. I don't think we need to say explicitly what to do when you encounter a specific policy. I think most domain owners who want a strict policy will create one if they think it will help prevent problems with ANY receiver who is significant to them.
> If we have such a relaxed mode of operation, bad guys just have to run
> in legacy mode. No adaption required.
>
> We are erroneously presuming everyone are going to depend on DKIM being
> tied to reputation services and my view, this is going to be the biggest
> mistake we make here.
>
>
> --
> Sincerely
>
> Hector Santos, CTO
> http://www.santronics.com
> http://santronics.blogspot.com
>
_________________________________________________________________
Need to know the score, the latest news, or you need your Hotmail®-get your "fix".
http://www.msnmobilefix.com/Default.aspx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mipassoc.org/pipermail/ietf-dkim/attachments/20080124/f64e6d99/attachment.html
More information about the ietf-dkim
mailing list