ietf-dkim

Re: opaque-identifier scaling (was: Re: [ietf-dkim] ebay / eboy)

2005-11-01 21:18:48
On Tue, Nov 01, 2005 at 07:11:45PM -0800, Douglas Otis allegedly wrote:
Perhaps yes. Perhaps as an option. Perhaps not.
Remains to be proven IMO.

Tripp Cox of Earthlink should be able to clarify this issue based  
upon their deployment experience of DomainKeys.

As I recall, the issue was very specific to the arbitrary insertion of
2822.Sender and the impact that caused on certain UAs that render
Sender. The change in behavior at the recipient end was their sole
concern.

The insertion of Sender was a function of an implementation compromise
for their particular scenario of an ISP that services many vanity
domains, but which didn't want to (or couldn't) put keys into all the
relevant domains. Such a compromise is a non-problem for most domains
- particularly high-value domains, so it's hardly a fundamental or
universal issue.

Furthermore, the problem has nothing to do with binding, it has
nothing to do with the underlying technology and perhaps surprisingly,
their concerns are not solved by opaque-identifiers. Rather, it solely
has to do with the UA impact of inserting 2822.Sender. The outcome of
which is to suggest that arbitrary insertion of Sender for
out-of-domain signatures (which I think people are calling 3rd-party
signatures) is not a good choice in the DK spec. Based on their
experience, I'm inclined to agree with that.

What Earthlink were attempting to do was, in effect, implement a
third-party signature and DK does not specify that well, nor does it
offer a policy rich enough to make that clear to verifiers. To my mind
that means that DKIM needs to do a much better job of that, not that
it can't be done.


That Earthlink made the effort, took the risk and gave us the
opportunity to learn, speaks to me more than much of the
prognostication-in-a-vacuum that is going on here. Serious players
are ready to try this technology. Serious players are ready to make
mistakes. Serious players want to work to get this right. Is this
group helping or hindering that process?

As a final note, I see that Earthlink are still signing a lot of
outbound email with DK, so whatever concerns they have, have not
caused them to abandon the effort.


Mark.
_______________________________________________
ietf-dkim mailing list
http://dkim.org
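
The header relationship discussed in this message, as an added example that is not part of the original post or of any DomainKeys implementation: a Python sketch that classifies a DomainKey-Signature by whether its d= domain covers the From address or only an inserted Sender address. The category labels, sample messages and .example domains are constructed for illustration, and no cryptographic verification is performed.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value):
    """Lower-cased domain of the first address in a header, or None."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else None

def covers(signing_domain, addr_domain):
    """True if addr_domain is signing_domain or one of its subdomains."""
    return addr_domain is not None and (
        addr_domain == signing_domain or addr_domain.endswith("." + signing_domain))

def parse_tags(sig_value):
    """Split a DomainKey-Signature value into tag=value pairs (folding removed)."""
    tags = {}
    for part in sig_value.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(value.split())
    return tags

def classify(raw_message):
    """Label the signature by which RFC 2822 identity its d= domain covers.
    The labels are this example's own (assumption), not terms from the DK spec."""
    msg = message_from_string(raw_message)
    sig = msg.get("DomainKey-Signature")
    if sig is None:
        return "unsigned"
    d = parse_tags(sig).get("d", "").lower()
    if not d:
        return "malformed"
    if covers(d, domain_of(msg.get("From"))):
        return "first-party"             # signer speaks for the author's domain
    if covers(d, domain_of(msg.get("Sender"))):
        return "third-party-via-sender"  # binding exists only through Sender
    return "third-party-unbound"         # d= matches no visible identity

# Constructed sample: an ISP signs for a vanity domain and inserts Sender.
VIA_SENDER = (
    "DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=sel1; d=isp.example;\n"
    "  b=Q09OU1RSVUNURUQ=\n"
    "Sender: outbound@isp.example\n"
    "From: Alice <alice@vanity.example>\n"
    "Subject: hello\n\nbody\n")
# Constructed sample: same author, key published in the author's own domain.
FIRST_PARTY = VIA_SENDER.replace("d=isp.example", "d=vanity.example").replace(
    "Sender: outbound@isp.example\n", "")

if __name__ == "__main__":
    print(classify(VIA_SENDER), classify(FIRST_PARTY))
```

A receiving system could log the "third-party-via-sender" case separately to measure how often a signature depends on a Sender header that the author's own domain did not supply.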