On Thu, Feb 16, 2006 at 01:26:10AM -0500, Hector Santos allegedly wrote:
I think it is a failed and flawed design concept and I have not been
convinced that it is not.
You may be right, we may be wrong. Or vice versa. These are early days
and we collectively will learn more as time goes by. If DKIM 1.0
doesn't get it perfectly right, that doesn't preclude a DKIM 1.1
getting it closer to right.
In part, these sort of differences underscore why many of us want to
make DKIM the lowest possible bar for success. We want DKIM 1.0 to be
*just* useful enough to succeed, but we don't want to presuppose or
impose on the huge uncharted territory that follows.
While I might disagree with Hector today about the question of
inferring meaning from invalid signatures, rather than try and battle
that out in the abstract on this list, I'd much rather see a DKIM 1.0
framework that lets us find out real answers in the field.
If it turns out that Hector is right, based on empirical evidence,
then let's reflect that in DKIM 1.1. If it turns out that Hector is
wrong, we should similarly reflect that outcome in DKIM 1.1
If there is one mistake we should avoid, I'd suggest that imposing our
speculation on the minimum base to try and get it perfect, is it. Why?
Because we don't know what perfect is yet.
NOTE WELL: This list operates according to