No one has shown that open ended unrestricted DKIM-BASE 3rd party signing
engines are safe and exhibit no open harm to original domain owners.
So where is the guessing?
a) Unrestricted DKIM-BASE 3rd party signatures are safe?
Or
b) Optional Controls for DKIM-BASE 3rd party signatures will help
secure 1st party signatures or 1st party expectations?
If there is a desire to not do any more work in the area, then in my
opinion, there is a burden to show there are no viable threats of major
concern for 1st party domains in an unrestricted DKIM-BASE 3rd party signing
(by anyone) environment.
If that can't be shown, then all that is being done is guess work too and
also guess work about what's good or ok for original domain properties
owners.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
----- Original Message -----
From: "Michael Thomas" <mike(_at_)mtcc(_dot_)com>
To: "Scott Kitterman" <ietf-dkim(_at_)kitterman(_dot_)com>
Cc: <ietf-dkim(_at_)mipassoc(_dot_)org>
Sent: Thursday, August 24, 2006 10:10 AM
Subject: Re: [ietf-dkim] Delegating responsibility: a make vs. buy
designdecision
Scott Kitterman wrote:
There are domains out there that cannot do the NS delegation trick.
Today. Whether there are any alternative tricks that they can perform is
speculation. Given what I've seen proposed, I see no reason for
encouragement.
What we do have a good chance for is to screw the pooch by wasting a huge
amount of time engineering to guesses.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html