[ietf-dkim] Unacceptable (was: ISSUE: SSP-02: Discardable inappropriately specifies possible verifier action)

[Douglas Otis]

On Feb 12, 2008, at 8:57 AM, Steve Atkins wrote:

>
> On Feb 12, 2008, at 8:25 AM, Frank Ellermann wrote:
>>
>> The term is MAIL FROM (46 occurences in RFC 4408).  IMO "suspicious"
>> was better than "discardable".  The 2821bis terms for "discard" is
>> "drop", adding tons of caveats, without noting non-technical facts,
>> e.g., "dropping mail" can violate the "constitution" (or base law)
>> where I live, and that is not on the same level as ordinary crimes.
>>
>> If you (not you personally) really must invent a new term instead
>> of sticking to "suspicious" or simply FAIL (for auth-headers), how
>> about using "unacceptable" ?  This clearly indicates the receivers
>> already dropped the ball when they accepted any "unaccptable" mail.
>
> That doesn't match the semantics of SSP.
>
> "Discardable" does match the semantics of SSP.
>
> Is the issue that you don't like the semantics SSP implies, or that  
> you'd prefer we were more circumspect about describing them?
> They'd both be valid concerns, but they're quite different.

Your SSP assertion is defined in terms of verifier actions.  Defining  
this action is premature, and in the case of the term "discardable",  
will likely result in often inappropriate actions.  SSP could use the  
term "non-compliant" with an assertion of being the "sole" legitimate  
signer.  Actions should remain within the discretion of the verifier,  
where the state of the assertion is to be judged against compliance  
with the domains assertions.  "Discardable" does not match with this  
semantic as it does not permit an assessment of compliance.

-Doug