Dave Crocker wrote:
In fact the main reason that I question the need to have most/any of SSP --in the *first* round of standardization -- is that there is quite a bit of utility in exactly the scenario you describe: A message arrives with a signature. *ANY* signature. There is quite a bit of useful information derived from validating that signature, or having the signature fail validation.
I guess I'm having trouble understanding what this utility would be. Perhaps if you could explain what you believe can be done with this signature and this signature alone, I might understand better.
So far, IIRC, it seems that there are some who feel this is valuable as a basis for accrual of reputation enabling reputation systems to be name based instead of IP based. Is there some other utility you have in mind?
I certainly agree that a signature alone provides additional information, the question in my mind is what can you do with it?
Scott Kitterman _______________________________________________ ietf-dkim mailing list http://dkim.org
