Doug replied to Frank:
Step 4 means "DKIM working as designed", it's a feature
and no bug.
Break everything is a feature? Limit email-addresses to a single
provider is a feature?
It doesn't break everything and even then, yes its a feature, breaking means
the DKIM exclusive policy security was violated.
If the high-value domains do not want their domains to used outside their
distribution with no expectation for middleware tampering, they should not
be using the domain outside this protective shell.
Once they do, the sharks will eat it up (protection is lost).
If a domain doesn't care how their mail gets distributed, gets signed,
resigned, stripped or otherwise, then their expectation for security and
protection is unrealistic.
In addition, any presumption that *all* vendors and operators will endure
potentially high payload overhead in the name of wasteful DKIM processing,
is also unrealistic.
SENDER-ID suffered the same poor technical merits of not providing a
high-payback value for blindly accepting payloads and performing extra
processing.
You got to provide a very good reason and show a payback value to ACCEPT a
PAYLOAD for DKIM processing. I see the high payback potential with DKIM.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
_______________________________________________
ietf-dkim mailing list
http://dkim.org