>Right. So the question is, can a signature be constructed such that >it doesn't interact with SSP to infer a binding above and beyond "I >claim it passed through me"?
I'm increasingly getting the impression that we don't really understand the semantics of SSP. If a domain uses SSP to say that it signs everything, and a message from that domain has both the domain's signature and someone else's, is that OK? I can easily imagine interpretations of SSP that would go either way. R's, John PS: "imply" _______________________________________________ ietf-dkim mailing list http://dkim.org
