ietf-dkim

Re: [ietf-dkim] Not exactly not a threat analysis

2005-08-16 12:17:55
I certainly agree that DKIM appears to have lower barriers to
deployment than some of its predecessors (e.g. S/MIME), and I also
think that there's more of a perceived need for something like DKIM
than there was for its predecessors...if S/MIME were being promoted as
a new thing today, it might be more successful. 

I'm not sure that DKIM lowers the barriers enough to enable the
"network effect", but I think it's a step in the right direction if it
can lower the deployment barriers AND be made to provide the right
functionality.  (I don't think it does the latter yet.)

But I think goal #4 is unrealistic or misstated.  DKIM should be
relatively non-hostile to legacy MUAs and MTAs (as compared to
multipart/security based solutions) but MUAs and also some 
MTAs will need to be upgraded to significantly benefit from
DKIM.  

Keith

I think that there's one other important aspect that's hard
for me to state concisely. Utility is often bound up in the network
effect, and though PGP and SMIME solve for many of the threats
-- equally or superior -- they have not achieved any sort of
network effect. I believe that DKIM by design is specifically
trying to address the network effect and make it a goal. We
have made some specific design decisions that are ultimately
traced back to that goal:

1) use of DNS, and our lowering the bar on cryptographic trust anchors
2) lowering the expectation of what is actually asserted (i.e., domain
    based rather than individual based)
3) absolutely no attempt to deal with encryption
4) the ability to ride "stealthfully" within the existing
    infrastructure without need to upgrade either MTAs or MUAs
5) ease of deployment at choke points (MTAs), and into existing
    naming infrastructure (DNS)