Unfortunately this message is one that is useful to my organization. With thousands of small businesses that don't have the capability to manage their own DNS, mail, DKIM signing they will have to rely on the ISP to provide that for them. An ISP may find it easier to publish a single sign.isp.com public key and put an ssp record in the business domain that indicates 3rd party signing.
Now on the receiver side, it will depend on the implementation whether SSP is checked at all. There is room for a threat model there. Thanks Bill Oxley Messaging Engineer Cox Communications -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Patrick Peterson Sent: Friday, December 07, 2007 6:19 AM To: [EMAIL PROTECTED]; [email protected] Subject: [ietf-dkim] Discussing what someone said about SSP - productive? > Among the various discussions I've had today, one comment > about SSP struck me > as worth wider consideration: > > SSP is one organization's attempt to tell another > what it should do with mail that is from a third > organization. I really struggle with comments like these, too. I don't believe this is true but even more fundamentally I don't believe that discussing "comments about SSP" is productive. We should be discussing how to build the best SSP and these random comments engender long threads that leave everyone frustrated and angry. I think we all hear various comments about SSP but having the list consider them without an acutal discussion of SSP issues is just not productive. (Again I'm attacking the message not the man. Please don't take this as an ad hominem attack. It is certainly not meant as one and hopefully not taken as one.) pat _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
