
Re: bozo-proofing the net (or making better bozos?)

2006-01-02 17:05:59
Can we also conclude that SSL/TLS has failed as a tool for general
communication?

If we were holding it to the same requirements that some appear to be
asking for DKIM, I think we'd have to.

Right.

There is a certain amount of SMTP over TLS, an entirely automated
application, and the net hasn't collapsed.  
People have figured out reasonable ways to deal with TLS errors,
ranging from dropping the connection if it's supposed to be part of a
private mail network to logging and ignoring the errors if it's
regular mail.  If they set up their regular mail servers to drop
connections on TLS failures, they'd lose a lot of mail.  So they
don't.

I don't see any reason to assume that mail admins will be any worse at
dealing with DKIM errors than they are with TLS errors.

I don't see why DKIM is inherently different either.  If ISPs were looking 
for an excuse to not accept mail from unknown sources, they could use SMTP 
over TLS and a customized set of trust anchors to achieve that aim, 
without requiring any new protocols.  They didn't. 

So as I said several messages ago:

I really need clarification of why DKIM RFCs need to tell people about the
dangers of balkanization, even though HTTPS, S/MIME, and DNSSEC don't.

Don't hold your breath.  


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
