On Sep 7, 2006, at 12:09 PM, Jon Callas wrote:
On 6 Sep 2006, at 10:14 AM, Michael Thomas wrote:
All of this talk about additional requirements for user level ssp
ignores the basic question: should there be any requirements for
user level SSP at all? If so, what are the use cases? I'm not
terribly convinced that even that has consensus -- this is the
first that I even recall the subject being raised.
I think user-level *anything* with DKIM is a bad idea. There's a
lot of flexibility in the system that permits someone so inclined
to get to something within epsilon of user-level whatevers.
However, putting it into the system is not a good idea.
The policy discussion is related to making specific policies for a
particular email-address, without concerns at this time in how this
is done. This is not about making user level policies. The DKIM
base has limited the control of the signature to that of the email-
address. This email-address specificity is found in either the key
g= or the signature i= parameters.
While a domain may wish to allow the bulk of their users a freedom to
send messages to mailing-lists and e-invitese, perhaps only a few
email-addresses are set aside where extremely strict policy is
applied. This strict policy would otherwise disrupt most of the
common services being used. DKIM's basis of control is the email-
address, not the user or subdomain.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
