Charles Lindsey wrote: > On Wed, 14 Oct 2009 14:27:01 +0100, John R. Levine <[email protected]> wrote:
>> No, ADSP adds the ability for senders to make unverified assertions >> about their signing practices. Unless you already have some >> knowledge about the domain, you have no idea whether it would be >> useful to believe it. > > On the contrary, it adds the ability for domain owners to make those > assertions. Assuming that the domain owner has control of his own DNS > records, those assertions are as reliable as the reputation of the > relevant Domain Registrar (you can argue about how reliable that is, if > you wish). +1. I sounds like everyone is saying the same thing in different ways. I like to view it as a failure to detect a positive assertion. For Policy, the classic "Expect Only Signatures From Me" and you don't see one as the same as some Reputation concept that says "Mail Signed by Acme.Com can be trusted" but you also don't see that signature. In both cases, its failure detection of Policy and/or Reputation assertions. -- Hector Santos, CTO http://www.santronics.com _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
