Folks,
Having said all of that, I am at a complete loss as to much of this
debate. If SSP isn't formalized in this group then you can be certain
that bi-lateral or non-standard forms will emerge in parallel to
DKIM. Those "select" domain - and we large service providers - view
this component as too integral to authentication to forgo.
My reading of the activity on the list is that it is more about what to
formalize first, than whether to formalize anything.
I suggest that we should choose exactly one sender practice to formalize
first, and defer all others. This will allow discussion to be extremely
focused and maybe even allow us to get a practise published quickly.
Of course, the *framework* for recording this practise in the DNS certainly
needs to be extensible...
And, also of course, once the first is issued, we can pursue all sorts of
additional formalizations.
The first practise should be simple. It also should be trivial to understand
and should have immediate and broad utility.
The best candidate is a flag that says: "the domain associated with the From
field signs all its messages."
d/
ps. This is relevant to the charter, in terms of describing the SSP
deliverable narrowly.
pps. I believe quite a bit of confusion and distraction is caused by our
using the word "policy". It encourages people to think in terms of grand
strokes of organizational decision-making. Something more modest, like
"practise" might limit the overblown reactions we have seen to this effort
to allow signers to indicate how they do things.
d/
--
Dave Crocker
Brandenburg InternetWorking
<http://bbiw.net>
_______________________________________________
ietf-dkim mailing list
http://dkim.org