From: "Dave Crocker" <dhc(_at_)dcrocker(_dot_)net>
There are various types of identifiers that relate to the originator and
various others that relate to handling agents. I've tried to avoid listing
specifics in order to focus on what seems to be an underlying requirement.
In fact this requirement seems so basic and pervasive that
I am wondering whether it is necessary or appropriate to
restrict it to a particular authentication technique?
Equally I am wondering whether it is not distracting from the core DKIM
authentication work to emphasize this particular requirement prior to
deployment of a signing/validating mechanism.
In other words, it is starting to look as if the mechanism for enforcing
originator/handling linkages needs separate focus from techniques for
performing authentication.
Thoughts?
I am trying to figure out "what you are thinking?"
- No talk of ANTI-SPAM/SPOOF/PHISH (ASSP) solution
- Independency allows CVS and DNA considerations
If the latter, then I believe you need to be straight here on your overall
goals.
SOLUTION = SENDER (CVS) + REPUTATION (DNA) + AUTHENTICITY (DKIM)
If this is not the case, then this relaxed DKIM independency clearly does
not stand on its own (as the specs are currently written). You are forcing
the issue of considering other SMTP based protocols.
Can you clear this right away? I can see why you may not want to make it
harder for standards track issues. But it will help to know what are the
"long range" plans.
Dave, lets imagine that DKIM becomes the standard tomorrow and we begin to
receive DKIM messages. We were not DKIM aware yet, but now we see a bunch
of emails with DKIM signatures. So we begin to explore DKIM.
The first thing we notice that there are a much of DKIM signed messages
purporting to be SIGNED from domains which have NO Policy defined or
conflicting signing policies?
How do you expect us to handle this?
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
_______________________________________________
ietf-dkim mailing list
http://dkim.org