[ietf-dkim] Unacceptable (was: ISSUE: SSP-02: Discardable
inappropriately specifies possible verifier action)
dotis at mail-abuse.org
Tue Feb 12 11:08:42 PST 2008
On Feb 12, 2008, at 8:57 AM, Steve Atkins wrote:
> On Feb 12, 2008, at 8:25 AM, Frank Ellermann wrote:
>> The term is MAIL FROM (46 occurences in RFC 4408). IMO "suspicious"
>> was better than "discardable". The 2821bis terms for "discard" is
>> "drop", adding tons of caveats, without noting non-technical facts,
>> e.g., "dropping mail" can violate the "constitution" (or base law)
>> where I live, and that is not on the same level as ordinary crimes.
>> If you (not you personally) really must invent a new term instead
>> of sticking to "suspicious" or simply FAIL (for auth-headers), how
>> about using "unacceptable" ? This clearly indicates the receivers
>> already dropped the ball when they accepted any "unaccptable" mail.
> That doesn't match the semantics of SSP.
> "Discardable" does match the semantics of SSP.
> Is the issue that you don't like the semantics SSP implies, or that
> you'd prefer we were more circumspect about describing them?
> They'd both be valid concerns, but they're quite different.
Your SSP assertion is defined in terms of verifier actions. Defining
this action is premature, and in the case of the term "discardable",
will likely result in often inappropriate actions. SSP could use the
term "non-compliant" with an assertion of being the "sole" legitimate
signer. Actions should remain within the discretion of the verifier,
where the state of the assertion is to be judged against compliance
with the domains assertions. "Discardable" does not match with this
semantic as it does not permit an assessment of compliance.
More information about the ietf-dkim