Dave Crocker wrote:
strict All mail from the domain is signed; messages lacking a
valid Originator Signature MUST be considered Suspicious. The
domain does not expect to send messages through agents that
may
modify and re-sign messages.
This value appears to
Wietse Venema wrote:
Jim Fenton:
(1) It changes SSP from being a protocol that governs the error
condition of an optional protocol to being a protocol that governs
*every* email received by *every* MTA.
Application of SSP to only messages containing broken signatures has
*never* been proposed
I don't think SSP is hostile to the DKIM deployment, but helps its
deployment because it will at least provide some avenue of protection
for domains and receivers who don't wish to get into 3rd Party Trust
Service dependencies where there is no standard definition and
absolutely no
Jim Fenton wrote:
Dave Crocker wrote:
Jim Fenton wrote:
Dave Crocker wrote:
The first version of SSP that is standardized needs to have a much
shorter and simpler decision tree, if interoperable deployment is to
be achieved anytime soon after publication.
This reminds me of the famous
Jon Callas wrote:
How about something like SSP Exception? Metaphorically, it works
well with the programming use of the word exception.
+1.
I think that ithe term is terse, technically accurate, socially neutral and
likely to be easy to remember. That makes it a good choice.
d/
--
On Dec 12, 2007, at 2:56 PM, Hector Santos wrote:
Doug,
I would like to know one thing:
When does a signer expect when his signature to be broken?
When sending to a mailing list, would be one example. : )
or
When is it reasonable for a signer to believe his signature
can be broken?
Wordy answer but +1 on what a dkim sig means
Bill Oxley
Messaging Engineer
Cox Communications
404-847-6397
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Douglas Otis
Sent: Thursday, December 13, 2007 3:36 PM
To: Hector Santos
Cc: ietf-dkim WG
I realize I'm a few days behind (traveling immediately followed by
jury duty), and that Jim already did a pretty good job of answering
this, but I think I can still add something to the discussion.
--On December 9, 2007 12:33:31 PM -0800 Jon Callas [EMAIL PROTECTED]
wrote:
I agree
Folks,
The following is a revised version of the draft SSP Summary. It factors in the
comments that were sent for the previous version.
I'd appreciate suggestions for specific changes.
d/
SSP Summary Description -- DRAFT
===
The IETF's DKIM working group has
Eric Allman wrote:
Back in the days of DKIM-base, we started with considering what
happens with broken signatures. We also believed that it would be
not uncommon for a legitimate message to get its signature broken
in flight.
Actually, we (or at least, I) started thinking about unsigned
Eric Allman wrote:
--On December 9, 2007 12:33:31 PM -0800 Jon Callas [EMAIL PROTECTED] wrote:
After that, we look at
enhancements to the model carefully. We seriously discuss whether
they are outside the charter because of the effect it has on the
Wietse Venema wrote:
I don't think SSP is hostile to the DKIM deployment, but helps its
deployment because it will at least provide some avenue of protection
for domains and receivers who don't wish to get into 3rd Party Trust
Service dependencies where there is no standard definition and
[EMAIL PROTECTED] wrote:
Wordy answer but +1 on what a dkim sig means
Besides the basic definition of a digital signature, to me, a DKIM means
there is a new level of expectations of how mail should be viewed and
handled. It raises the bar to a new non-legacy level of mail transactions.
Frank,
SSP does NOT tell applications what to display or how to display
information, but rather makes basic observations and conclusions
about behavior of users and spammers that we see today. That is:
users look at From lines and spammers and phishers try to fake
them. Anyone DISAGREE
What is the modest SSP that everyone speaks of?
Based on what I've seen, it's a cut down version of section 2 that
says how a sender can sign to match the Author domain, and a cut down
version of section 4 that says how you publish and fetch records
that contain unknown and all policies.
Those
Eliot Lear wrote:
I now get what people are saying, thanks to you and John Levine in
particular. I still believe that the From address requires protection
in SSP. UIs can at least take a stab at protecting the user by
matching display strings to what is in their address book. They can
16 matches
Mail list logo