Steve Atkins wrote: > On Mar 9, 2009, at 12:20 PM, Barry Leiba wrote: > > >> The discussion seems to be straying beyond certain useful >> boundaries... as Stephen says, let's keep it within those. So, in >> particular, with my "participant" hat on: >> >> It seems to me that the relevant point isn't whether you do or don't >> like ADSP and whether you will or won't deploy it... but, rather, that >> we agree on the details of it. If you're a signer and you don't like >> ADSP, you won't publish ADSP information. If you're a verifier and >> you don't like ADSP, you won't retrieve ADSP information. >> >> So what matters is that we agree on what the ADSP information says and >> means, and that we agree on the interpretation by a verifier of its >> absence. >> > > If ADSP assertions put constraints on DKIM use, especially > if those constraints end up affecting those who don't choose to > use ADSP, then it's a bit more important than that. (I'm already > seeing people who can't use DKIM appropriately because they're > using DKIM signing engines that were were written with one > limited use case in mind). > > I don't know if that is the case. Does anyone else? >
ADSP doesn't put any constraints on a signer that doesn't publish an ADSP record, or that publishes adsp=unknown. Given the range of non-ADSP applications for the i= value that have been described, verifiers would be well advised not to use the i= value as a key to a reputation database. So while a signer's use of ADSP might constrain a verifier that wants to key reputation on that value, it's not a good idea anyway. -Jim _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
