>1st case I sign no mail, It means that if you receive a signed message
>from me I am amenable to you discarding it unread.

If you sign mail and publish signing keys, why is SSP that denies the existence of your own keys credible? If I consider the effort to generate a key pair, and to install one in the DNS and the other in the MTA, and actually get the MTA to add valid signatures, versus the effort for some bozo to stick a broken SSP record into the DNS, I know which one I would believe.

> In the case that I am a 3rd party signer, the domain setup to do
>that signing would have a separate administrative domain for
>exchanging email about the signing domain.

But nobody I know of is planning to look up the SSP of the signatures. The SSP we're discussing here keys off the sender address in the message, for some version of sender. Under what conditions would you expect someone to look up the SSP for a 3rd party signature domain? And since you would already have verified that it's a valid signature, what could SSP tell you that would be operationally useful?

R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
