[ietf-dkim] draft-ietf-dkim-ssp-02.txt Discardable/Exclusive
Michael Thomas
mike at mtcc.com
Fri Feb 8 18:13:59 PST 2008
Wietse Venema wrote:
> MH Michael Hammer (5304):
>> Is DKIM checking sufficient in itself without SSP? How might DKIM-SSP
>> help receivers (the 3 aforementioned as well as others) leverage their
>> evaluation of received email whether signed (valid or not) or unsigned?
>
> "known to be good" whitelisting can be done with DKIM-BASE alone.
>
> SSP etc. is about the ABSENCE of valid signatures, and can help to
> strengthen the "known to be good" whitelisting process.
You've said this several times, but I don't think that's the range
of all possibilities. Ag.com is a pretty good example of somebody
that I as a receiver don't know but if they're willing to say
"discard this if it's not signed", all other things being equal
why wouldn't I?
In any case, this is pretty squarely into the secret sauce of
receiver filter logic, so I'm not sure what the point is about
needing agreement; filters are certainly allowed to be more
cautious which is how I read you.
Mike
More information about the ietf-dkim
mailing list