----- Original Message ----- From: "william(at)elan.net" <[EMAIL PROTECTED]>
> SSP is ability to indicate policy for email address, i.e. when you see > address in from you can check to find if emails from that address are > supposed to be signed. If you only check policy record when you see a > signature - this pretty much breaks the reason for having such policy > record in the first place. I believe Tony's suggestion (which was already discussed 6+ months ago) is to include the SSP as part of key lookup DNS record as a optimization feature. The problem is 3rd party signatures. The OA might may not want to have 3rd party Key signers defining the signing policy. So you need to key it separate. When discussed in the past, it was all about reducing the SSP lookups. As it seemed to me, there was the big resistance in doing additional lookups. I agreed, but my only point then was that we should put optimization aside to workout all the ideal boundary conditions first to remove all protocol loopholes. Then you optimize it, and if that's not possible and makes the entire process impractical, then you throw the idea away and go back to the drawing board. :-) But the worst thing to do is to ignore it and/or make it all optional because that would be he easiest thing to do. -- Hector Santos, Santronics Software, Inc. http://www.santronics.com _______________________________________________ ietf-dkim mailing list http://dkim.org