Murray S. Kucherawy wrote:
Hector wrote:
No Murray. But perhaps someone should be because the responsibility is
now once again shifted from the passive 3rd party signer back to the
visible 1st party 8222.From equal d= domain transaction. As far as
the potential millions of potential receivers are concerned, the Author
Domain is once again responsible for signing the message.
And rightly so, in this scenario. But even if it's a visible
third-party delegation, now the From: is associated with a third-party
and a bad signature. Are you saying that's better? If so, based on what?
If anything Murray, traceability - verifiers and assessors would know
who is the responsible signer and it isn't the principal author domain.
In the advent of this anticipated new reputation scoring market, it
would be the primary domain at risk - not the passive 3PS service.
The 3PS domain is protected from harm while collecting the bucks. :)
Worse, when the signature fails, the wrong domain brand and unknown
reputation scoring across receivers is negatively hurt.
That would be a poor implementation. A failed signature is supposed
to be treated as no signature.
But why would not a national food/entertainment store chain (one you
would know of if you have/had kids) outsourcing their "Get free
tokens" and coupon spams to their few million subscribers be concerned
or at least find out if their payoff is being minimized or could be
potentially minimized in the near future with these faults?
Hence we are back to the policy question again. I always felt this RFC
4871 mandate - a policy mind you in its own right, was molded because
of SSP and remained when SSP was split from DKIM. But the more we
deemphasize policy, the more pressure we have to keep broken
signatures for "reputation" or heuristic assessors and worse, design
pressures to consider the even more drastic change of the 5322.From to
match the last signer in the mail path either because of ADSP or to
provide the "positive appearance of 1st party mail."
It's a vicious cycle. We'll figure it out one day. :)
--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
dkim-ops mailing list
dkim-ops(_at_)mipassoc(_dot_)org
http://mipassoc.org/mailman/listinfo/dkim-ops
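
Added example, not part of the original message or of any DKIM implementation: a minimal receiver-side assessor applying the two rules discussed in the thread, that a failed signature is treated as no signature and that a signature is first-party only when d= equals the 5322.From domain. The domain names, the (d=, verified) input shape and the function names are constructed for illustration; exact, case-insensitive matching of d= to the From domain is an assumption.

```python
from email.utils import parseaddr


def author_domain(from_header):
    """Domain part of the 5322.From address, lowercased."""
    addr = parseaddr(from_header)[1]
    return addr.rpartition("@")[2].lower().rstrip(".")


def assess(from_header, signatures):
    """Classify DKIM results for one message.

    signatures: list of (d_domain, verified) pairs, as a DKIM verifier
    would report them (assumed input shape, constructed for this example).
    """
    author = author_domain(from_header)
    out = {"author_domain": author, "first_party": [],
           "third_party": [], "ignored": []}
    for d, verified in signatures:
        d = d.lower().rstrip(".")
        if not verified:
            # Failed signature: recorded for logging only, never scored.
            out["ignored"].append(d)
        elif d == author:
            out["first_party"].append(d)
        else:
            out["third_party"].append(d)
    return out


def reputation_inputs(from_header, signatures):
    """Domains a reputation assessor may attribute this message to."""
    a = assess(from_header, signatures)
    return a["first_party"] + a["third_party"]


if __name__ == "__main__":
    # Constructed sample: author-domain signature broke in transit,
    # the outsourced sender's (third-party) signature still verifies.
    frm = "Store Offers <offers@example.com>"
    sigs = [("example.com", False), ("esp.example.net", True)]
    print(assess(frm, sigs))
    print(reputation_inputs(frm, sigs))
```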