ietf-dkim

Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?

2005-08-22 07:24:36
The problem of rfc2822.From spoofing involves some
complex human issues and we do not have much track
record solving them.

I don't see what "complex human issues" are involved in the simple wish as a domain owner to make known whether use of that domain in a sender identity field requires a signature or not. Domain owners do not require a degree in anthropology to decide that question.

To the extent that responding to one prevents responding to the
other, that is NOT fine... unless responding to that other is not a goal.

Agreed. And if SSP is not a goal, several of us would prefer to know that as soon as possible.

In other words, delaying issuance of the base specification so
that we can issue it with the SSP document makes the filtering
engine benefit depend upon the anti-spoofing benefit.

No, this is a publication timing concern only - not a dependency issue. Base is still base and grants the same benefits whether you release it today or next week. While the anti-spoofing benefit remains the goal of this process, issuance of DKIM base on its own must not be done in a way that cripples that goal.

But apparently it is not valuable enough to issue on its own?

That depends (see below).

The debate is not whether to provide "all of dkim" it is
whether to require that it all be provided at the same time,
or whether to provide the base first.

No. The debate is the extent to which SSP is crippled by this move to publish base first. That is the issue. If you can show that publishing base will in no way cripple or weaken SSP then I for one will get behind your plan. If you can't, I and others won't. That is the debate here.

--
Arvel




_______________________________________________
ietf-dkim mailing list
http://dkim.org