Re: DKIM: c=simple is aspirational

More generally, I think the "simple" approach does too little

The thinking behind c=simple is that it's a desirable target we might be able
to reach in the future.


I understand the goal. The question is whether or not attempting to reach this
secondary goal in this specific way is worth potentially damaging our ability
to reach the primary goal of this effort.

Every protocol option comes with a price. The price in this case is threefold:
Increased specification complexity, incompatibility with existing standards,
and the increased liklihood that DKIM verification will fail in the field.

The increase in complexity is small and therefore tolerable. The lack of
compatibility with existing protocol standards is not, especially when the fix
is so simple.

As for the liklihood that people will deploy DKIM in simple mode, only to find
that it fails, this can be dealt with by appropriate wording choices. The
current wording is IMO inadequate - this needs to be a SHOULD use nowsp mode
unless you're sure simple mode will work. noswp mode also need to be the
default.

Let's please remember that the goal of this effort is to come up with a
deployable mail verification scheme. The charter doesn't describe cleaning up
existing email infrastructure as a goal.

If we assume for the moment that email signing becomes pervasive, then the
trend will hopefully be towards constraining arbitrary modifications of email
in-transit and thus make c=simple feasible.


I think this is highly unlikely. Things that deploy tend to get entrenched, and
most options of this sort end up never being used.

OTOH, I have no problem with attempting to do this, as long as it is
done in a way that doesn't prevent noswp mode from deploying widely.

...

So, perhaps the questions to ask are:

 o Do we need an aspirational like c=simple?


I believe the answer is no, this is at most a "nice to have" feature.

 o Do we believe that email signing will trend us in that direction?


I believe the answer to this is also no, it won't work out this way.

 o Do we believe that that aspirational needs to be in the base to have a good
chance of wide-spread implementation?


This is a vacuous question IMO, since there's little chance of widespread
implementation no matter what is done.

But the missing question here is:

o Does having simple mode in the specification in its present form possibly
interfere with deployment of DKIM?

I think the answer to this one is "yes", and that's the problem.

                                Ned

<Prev in Thread]	Current Thread	[Next in Thread>
Re: DKIM: Key revocation, (continued) Re: DKIM: Key revocation, Douglas Otis Re: Feedback on DKIM draft (long), william(at)elan.net Re: Feedback on DKIM draft (long), Ned Freed Re: Feedback on DKIM draft (long), Dave Crocker Re: Feedback on DKIM draft (long), Douglas Otis Re: Feedback on DKIM draft (long), Ned Freed Re: Feedback on DKIM draft (long), Dave Crocker Re: Feedback on DKIM draft (long), Earl Hood DKIM: c=simple is aspirational, domainkeys-feedbackbase02 Re: DKIM: c=simple is aspirational, Earl Hood Re: DKIM: c=simple is aspirational, Ned Freed <= Re: DKIM: c=simple is aspirational, Michael Thomas Re: DKIM: c=simple is aspirational, Ned Freed Re: DKIM: c=simple is aspirational, Michael Thomas Why DKIM useful and different from PGP or S/MIME, Dave Crocker Re: DKIM: c=simple is aspirational, domainkeys-feedbackbase02 Re: DKIM: c=simple is aspirational, william(at)elan.net Re: DKIM: c=simple is aspirational, SM Re: DKIM: c=simple is aspirational, domainkeys-feedbackbase02 Re: DKIM: c=simple is aspirational, Ned Freed Re: DKIM: c=simple is aspirational, domainkeys-feedbackbase02

Previous by Date:	Re: DKIM: Authentication-Results, Michael Thomas
Next by Date:	Re: Feedback on DKIM draft (long), Ned Freed
Previous by Thread:	Re: DKIM: c=simple is aspirational, Earl Hood
Next by Thread:	Re: DKIM: c=simple is aspirational, Michael Thomas
Indexes:	[Date] [Thread] [Top] [All Lists]