----- Original Message -----
From: "Dave Crocker" <[EMAIL PROTECTED]>

> In other words, the job of DKIM is to deliver a valid identity
> to an assessment mechanism.

To me, SSP is a protocol assessment mechanism. I view it as an assessment of the proper and expected protocol usage and consistency.

But even then, don't you think this changes or alters the goal of what's described in the DKIM-BASE pending standard?

    The ultimate goal of this framework is to permit a signing domain
    to assert responsibility for a message, thus protecting message
    signer identity and the integrity of the messages they convey
    while retaining the functionality of Internet email as it is
    known today. Protection of email identity may assist in the
    global control of "spam" and "phishing".

That "responsibility assertion" is a really important idea here, especially when we currently have allowance for just about anyone to sign on behalf of the message author name along the path from point A to Z.

Are we really protecting the OWNER represented by the messaging identity? Or are we just protecting the signer? If so, then why are we allowing for a resigner to break what could be a legitimate originally signed message?

To me, all DKIM-BASE does is protect the integrity of the message against any tampering. It does not protect how that message was created; well, it can if we want to throw in some "X-Mailer:" header in the signature hashing, etc., but that isn't the point.

DKIM-BASE is just attempting to protect the digital signature of the message. The tie-in to "authorship" or any other important Mail System concept is the hashing of these elements so that they are not altered along the path.

> How the assessment service decides to use different names
> is a matter that falls under reputation and accreditation.
> My reading of the charter says that is out of scope.

{Scratching head, pondering, so why is he bringing it up?}

I personally do not see R/A systems making a judgment on how a message is done, but rather that it's coming from a vouched known source.

I go back to the Patrol Officer analogy:

A Patrol officer sees your Driver's license has expired or you left it at home, and you got some good looking legs. The cop "might" just let you off with a warning this time around. An R/A can "save" its customers from mishaps.

But 99% of the time, or let's just say it is expected police protocol and practice for a traffic stop, that if there is a problem with your Driver's license (the photo, the sex, age, height, etc.) and it is simply not quite consistent with what he is seeing in reality, at this point there is increased scrutiny, and by Police Protocol and Practice he should radio the HQ database (i.e., Reputation Service) to find out if there is anything bad or new to find out about you or the vehicle you are driving.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html