On Oct 31, 2005, at 8:31 AM, Michael Thomas wrote:
Earl Hood wrote:
On October 31, 2005 at 06:34, Graham Murray wrote:
Then many (more) 'vanity' domain owners and small businesses will
have to revert to the 'traditional' mechanism and run their own mail
servers.
Which increases "entry" costs. It also ignores the fact that many
users do not have vanity domains and are not SOHOs: using a central
address as a point of contact, whether it be the address assigned
to them from an ISP, a mailbox service provider, or some other
organization like a school.
Huh? How exactly are isp's forcing vanity domains to do anything?
By binding an email-address with the DKIM signature, there are few
choices available for email-domain owners. Either they enable
third-party signing for all their messages, where their email-address
may accrue a negative reputation based upon "user-feedback", or they
MUST prohibit "third-party" signing as a response to unfair
email-address reputations. In addition, reliance upon
path-registration as a solution for replay abuse will also expose the
email-domain owner to the same unfair reputations based solely upon
the path-registration authorization mechanism.
Once reputations are based upon the email-address, there is no
defense available in the current SSP scheme other than to prohibit
third-party signing. The path-registration authorization mechanism
has already exposed this problem, where many consider "authorization"
as equivalent to "authentication". This is unfair, and SSP does not
seem to recognize this problem at all.
If I'm the registrant of a domain, I can take my zone and everything
associated with it to wherever I feel like serving it from. Therefore,
the vanity domain owner retains complete control over the signing and
policy that affects that domain.
Indeed, these third-party email providers may be able to provide
first-party DKIM services. The binding of the signature to an
email-address will have the same corrosive effect regardless of the
provider. Email-addresses will be exposed to unfair reputation
accrual when bound directly to the signature. By unfair, it means
there will _not_ be allowances made for third-party signers. This
direct binding strategy is too easily abused, as it affords dominant
providers incredible leverage at forcing the use of their email-domains.
It seems to me that what you're bringing up is that current
practice is likely to change rather than
disenfranchisement.
The real risk is that third-party services will become forfeit along
with email-address mobility. This will impact many similar services
such as list-servers, news-articles, e-invites, greeting-cards, and
kiosk-style and mobile methods of communication. Access to these
services will require an account with the specific provider.
-Doug
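The first-party versus third-party distinction the thread argues over, as an added example that is not part of the original posts: it classifies a DKIM signature relative to the From address by the signature's i= identity (defaulting to @d=) and then applies a sender policy, showing why a message relayed and re-signed by a list server fails once the email-domain owner prohibits third-party signing. The sample headers and the policy names ("no-policy", "third-party-allowed", "first-party-only") are constructed assumptions for this illustration, not SSP syntax.

```python
from email.utils import parseaddr

# Constructed sample messages (not taken from the thread); bh= and b= are placeholders.
FIRST_PARTY_MSG = {
    "From": "Alice <alice@example.org>",
    "DKIM-Signature": "v=1; a=rsa-sha256; d=example.org; s=sel; i=alice@example.org; h=from:to; bh=BODYHASH; b=SIG",
}
LIST_RELAYED_MSG = {
    "From": "Alice <alice@example.org>",
    "DKIM-Signature": "v=1; a=rsa-sha256; d=lists.example.net; s=sel; i=@lists.example.net; h=from:to; bh=BODYHASH; b=SIG",
}
UNSIGNED_MSG = {"From": "Alice <alice@example.org>"}


def parse_dkim_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = val.strip()
    return tags


def signer_relation(headers):
    """Return 'unsigned', 'first-party' or 'third-party' relative to the From address.

    A signature whose i= identity is in the From domain (or a subdomain of it,
    an assumption for this example) counts as first-party; any other signer is third-party.
    """
    sig = headers.get("DKIM-Signature")
    if sig is None:
        return "unsigned"
    tags = parse_dkim_tags(sig)
    from_domain = parseaddr(headers["From"])[1].rpartition("@")[2].lower()
    ident = tags.get("i", "@" + tags["d"]).lower()   # i= defaults to @d= when absent
    ident_domain = ident.rpartition("@")[2]
    if ident_domain == from_domain or ident_domain.endswith("." + from_domain):
        return "first-party"
    return "third-party"


def policy_verdict(headers, policy):
    """Apply a placeholder sender policy: no-policy, third-party-allowed or first-party-only."""
    relation = signer_relation(headers)
    if relation == "first-party":
        return "pass"
    if relation == "third-party":
        return "fail" if policy == "first-party-only" else "pass"
    return "pass" if policy == "no-policy" else "fail"   # unsigned mail
```

Under "first-party-only" the list-relayed message fails even though the author's own domain never signed anything wrong, which is the loss of third-party services the post describes.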
_______________________________________________
ietf-dkim mailing list
http://dkim.org