
Re: r= for instilling good domain-name practices: msg#00573

ietf.dkim

Subject: Re: r= for instilling good domain-name practices

On Sat, 2006-04-29 at 08:38 +0200, Eliot Lear wrote:

> This seems to me to be a poor man's version of SSP, and I would think
> that we would consider it in such a context. But even if we were to
> consider this now, wouldn't different selectors cover this ground?

It is unknown whether an SSP record can be discovered when investigating
email-addresses found within the message. The DKIM signature is not
required to have any relationship with an email-address however, which
is good.

The possible independence of the email-address also means that when the
email-address's SSP allows third-party signing, SSP could be worthless
at establishing _any_ level of trust, even when the signer is well-known
and trusted and willing to vouch for the source. The r= parameter would
allow the signing-domain far greater clout. After all, the signing-
domain is where the trust _must_ be derived. For many email-addresses,
SSP will offer _nothing_ in regard to trust. There is real value in r=.

A selector tagging convention could be established, but it would not
offer as much flexibility as would the r= parameter. A key selector can
not offer a range, where a common key could be used for different levels
of vetted sources when signed at the MTA, for example. A key selector
also does not have any relative merit, which would need to be
established by convention. A simple sequence of numbers already imparts
this relationship.

-Doug


