[ietf-dkim] A proposal for restructuring SSP

[Dave Crocker]

MH Michael Hammer (5304) wrote:
> Bill and anybody else who is responsible for outbound mail knows that
> they are going to get dinged - signed or not - if they don't address
> issues caused by mail coming from their system.


That's why DKIM was made flexible enough to let a variety of different domain 
names be used for signing.  In this case by the Operator.

Except possibly in tightly integrated scenarios, there is no need to tie the 
signature to the From: field, when the signature is not being performed by the 
author.  The operators reputation will suffice.

Keep in mind that all of this mechanism is for filtering engines, not end user 
display.


> If Bill is willing to sign and wants a stronger statement made by SSP
> that the domain uses his DKIM signature, where is the technical
> objection? 

My own reading of Bill's reqest is that it adds significant complexity to the 
specification and therefore to the implementation and therefore to the 
interoperability challenge.  Perhaps I've misunderstood his request, but as 
noted, it appears to be something that really was discussed at length by the 
working group and rejected because DNS delegation covers the requirement, 
without adding complexity to SSP.

d/

-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net