On Dec 6, 2007, at 9:29 AM, Michael Thomas wrote:
Steve Atkins wrote:
On Dec 6, 2007, at 8:57 AM, Michael Thomas wrote:
Dave Crocker wrote:
Michael Thomas wrote:
And as far as I can tell, you alone seem to be carrying this torch
here. Changing what we agreed on with rfc5016 should require a
high barrier. I see little if any support, let alone broad
that we got it wrong.
You still didn't respond: did you read 5016 before it was issued?
In fact I know that you did because you gave a lot of very
feedback. And this was not one of the thing you commented on at
time, so charges of "paradigm change" ring rather hollow.
So, you missed the postings by Levine and Atkins? (Perhaps some
others were on "my" side of this topic, but these two were at
least quite explicit.
I didn't read them as supporting your reading. Let them speak for
themselves. There are a lot of things being discussed, after all.
I broadly agree with most of Dave's concerns...
Believe it or not, I agree with some of Dave's too. But that isn't
the issue at hand. The specific issue is whether *any* DKIM signature
from *any* domain should be sufficient to qualify for "strict" or
Do you agree with that or not?
In a well-designed protocol based on DKIM, yes I'd agree that a
validly DKIM signed message should not provoke an SSP query.
But that's not the protocol we have.
I think RFC 5016 shows a lack of understanding of DKIM (or is choosing
not to consider some important features of DKIM), and is
part of the push to try and build a next generation SPF on
an inappropriate base authentication technology.
NOTE WELL: This list operates according to