On Oct 30, 2008, at 10:59 AM, John R Levine wrote:
> There's a huge difference, to me at least, between "throw our mail
> away if you have the least doubt about it" (which you said above)
> and "our mail isn't very important" (which you said earlier in this
> thread). One is technically precise, one is an inferred value
> judgement.
> Why would you tell people to throw important mail away? Really,
> this is a fundamental concept of ADSP that people have incredible
> trouble wrapping their heads around. Discardable == not very
> important.
John,
ADSP applies to all messages from the domain. The "discardable"
assertion cannot be used to determine which messages from the domain
are important or unimportant. No institution would want to assert
that all their messages are unimportant.
An ADSP assertion must be seen as a suggestion as to how a message
with an invalid signature should be handled. The term "dismissible"
would have been safer, since it would not be confused with discarding
the message rather than refusing it.
A bank sending out its messages will surely want to know whether
something is amiss with its DKIM signature. If everyone adopted the
practice of discarding all "discardable" domains' messages that lack
valid DKIM signatures, a problem would be difficult to detect.
> In practice, the useful scenarios for discardable mail that I can
> see all boil down to "something happened so go look at the usual web
> site." If the mail gets lost, it can be sent again because the
> important stuff is locked up on an SSL web site, usually with
> passwords.
Information will not be sent again, because it is likely the message
was silently discarded. If a message is refused, and the message is
important, the bank could call the recipient instead. In any case,
email is likely to act as a means to notify individuals without
sensitive information being included. Nevertheless, if the notice is
about an overdraft or a problem with an auto-payment to an insurance
company, then anything that increases the odds of "important"
notifications being silently dropped is evil. "Discard" is terminology
used by Sendmail and RFC 5321 to mean the silent loss of
information. The SSP draft fails to clarify that "discardable" does
not really mean discardable. To avoid this situation, the terms
"dismissible" and "locked" were suggested.
John, you are able to wrap your head around the concerns and the
resulting confusion. With other aspects of this draft being so damn
destructive, this seems to be a type of sabotage. With so little
safely accomplished with this record, it is hard to see how this
mechanism will ever become a general practice.
-Doug
_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops
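The distinction argued in this thread, refusing a message at SMTP time versus silently discarding it, is easy to see in receiver-side code. The following is an added example, not code from the thread or from any DKIM implementation. It models the ADSP evaluation as later specified in RFC 5617 (TXT record at _adsp._domainkey.<author-domain> carrying dkim=unknown|all|discardable); the domain names, the in-memory record table and the verified-signature sets are constructed for the example, and the decision to answer "discardable" with a 5xx reply rather than a drop is the choice the reply above argues for, not something the draft mandates.

```python
"""ADSP disposition: refuse vs. silent discard (added example, not from the dkim-ops thread)."""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, Optional

# Constructed stand-in for DNS: TXT records keyed by _adsp._domainkey.<domain>.
# news.example deliberately publishes no ADSP record.
ADSP_RECORDS: Dict[str, str] = {
    "_adsp._domainkey.bank.example": "dkim=discardable",
    "_adsp._domainkey.shop.example": "dkim=all",
}

VALID_PRACTICES = ("unknown", "all", "discardable")


def lookup_adsp(domain: str, records: Dict[str, str] = ADSP_RECORDS) -> str:
    """Return the published ADSP practice for a domain; absent or unparseable -> 'unknown'."""
    txt = records.get(f"_adsp._domainkey.{domain.lower()}")
    if txt is None:
        return "unknown"
    m = re.search(r"(?:^|;)\s*dkim\s*=\s*([a-z]+)", txt)
    if not m or m.group(1) not in VALID_PRACTICES:
        return "unknown"
    return m.group(1)


def author_domain(from_header: str) -> str:
    """Domain part of the address in From:, which is what ADSP is keyed on."""
    m = re.search(r"@([A-Za-z0-9.-]+)", from_header)
    if not m:
        raise ValueError("no address in From: header")
    return m.group(1).lower()


def has_author_signature(verified_domains: Iterable[str], domain: str) -> bool:
    """True only if a DKIM signature that verified (PASS) has d= equal to the author domain.
    A valid signature from some other d= (a list server, an ESP) does not count."""
    return domain.lower() in {d.lower() for d in verified_domains}


@dataclass
class Disposition:
    action: str                 # 'accept', 'reject' or 'discard'
    smtp_reply: Optional[str]   # reply sent to the submitting MTA, if any
    reason: str


def evaluate(from_header: str, verified_domains: Iterable[str],
             records: Dict[str, str] = ADSP_RECORDS,
             silent_discard: bool = False) -> Disposition:
    """Decide what to do with a message given its verified DKIM d= domains and the sender's ADSP.

    silent_discard=True models the literal reading of "discardable" (drop, tell nobody);
    the default refuses at SMTP time so the originating MTA, and so the bank, learns of the failure.
    """
    dom = author_domain(from_header)
    if has_author_signature(verified_domains, dom):
        return Disposition("accept", None, "valid author-domain signature")

    practice = lookup_adsp(dom, records)
    if practice == "discardable":
        if silent_discard:
            # The sender never sees this; a broken signer keeps losing mail unnoticed.
            return Disposition("discard", None, "ADSP discardable, no author signature; dropped silently")
        # RFC 5321 discard is silent loss; a 5xx reply is the visible alternative.
        return Disposition("reject", "550 5.7.1 message lacks a valid signature from the author domain",
                           "ADSP discardable, no author signature; refused at SMTP time")
    if practice == "all":
        return Disposition("accept", None, "ADSP all: author signature missing, deliver but treat as suspect")
    return Disposition("accept", None, "no ADSP policy for author domain")


if __name__ == "__main__":
    for hdr, sigs in [("Alerts <alerts@bank.example>", {"bank.example"}),
                      ("Alerts <alerts@bank.example>", set()),
                      ("Alerts <alerts@bank.example>", {"listserver.example"}),
                      ("Orders <orders@shop.example>", set()),
                      ("News <news@news.example>", set())]:
        d = evaluate(hdr, sigs)
        print(f"{hdr:32} verified={sorted(sigs) or '-'} -> {d.action:7} {d.smtp_reply or ''} [{d.reason}]")
```

The two branches under "discardable" are the whole point: both honour the policy, but only the reject path gives the bank a signal when its signing breaks. A receiver that wants the stronger semantics also has to apply them at the SMTP transaction, since once the message has been accepted the only remaining options are delivery or silent loss.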