On Nov 15, 2005, at 2:55 PM, Stephen Farrell wrote:
Dave Crocker wrote:
5. At some point, the question becomes one of worrying about
> the DOS potential of your constantly posting lengthy notes
> that regurgitate the same points that continue to fail to
> gain support.
I have a tendency to delve too deeply, and I will attempt to curtail
this as best I can.
But, of course, that is just my own perspective.
(No Dave, I'm fairly sure that others share your perspective:-)
Doug, the charter as-is does have the required support to go
forward. There's nothing to be achieved by trying for the
changes you'd like at this stage. My bet is that those changes
just won't happen given the where the consensus lies.
You could be right, but let's not skip over a rather important
discussion. I have no desire to disrupt progress.
This issue has not been well explored, and indeed remains a topic
that exists mostly under the surface. Much of the SSP effort was
done off the mailing-list. Even rather startling changes related to
multiple From email-addresses were added before discussion on the
mailing-list. Indeed, these last minute changes were not reviewed at
the BoF. Anticipating email-address constraints resulting from
proposed changes _should_ be explored. The charter unfortunately
seems to have reached a conclusion that the email-address will be
bound to what is essentially the MTA to MTA transport. : (
When the From email-address is considered to be independent of the
signing-domain, then best practices would allow a mailing-list to add
their signature without other changes. MUAs and Mailing-list
applications could continue to function as expected. Rather than
discovering the IP addresses used by mailing-list servers as
suggested, their signature could be used instead. Accountability
could be retained at the signing-domain.
Should DKIM be expected to directly prevent the misuse of a From
email-address? There should be little doubt that email filters will
independently ascertain domains experiencing spoofing exploits and
offer the needed constraints which will include much more than just
the From email-address. Over time, DKIM aware MDAs/MUAs will make
this effort unneeded. However, when these likely inadequate From
email-address constraints are seen as the norm, then a major and
expensive transformation in the way email works will occur.
Seeing this as the issue, I wish to disagree with Dave about what is
being said within the charter.
1. The charter does not constrain email addresses.
The first two sentences of the charter:
,---
| The Internet mail protocols and infrastructure allow mail sent
| from one domain to purport to be from another. While there are
| sometimes legitimate reasons for doing this, it has become a
| source of general confusion, as well as a mechanism for fraud
| and for distribution of spam (when done illegitimately, it's
| called "spoofing").
'---
"sent from one domain to purport to be from another" refers to email-
addresses.
This paragraph concludes with:
,---
| ... and to publish "policy" information about how it applies those
| signatures. Taken together, these will assist receiving domains in
| detecting (or ruling out) certain forms of spoofing as it pertains
| to the signing domain.
'---
Detecting a spoof of course _clearly_ refers to email-address
acceptance constraints.
2. Dkim does not create or specify any inherent email address
constraints.
Should DKIM be specifying email-address constraints and directly
detecting spoofed email-addresses? This is a critical decision with
far reaching ramifications. This effort would only change the nature
of abuse.
3. An IETF wg charter specifies near-term activities, not long term.
While indeed work would be near-term, goals should be appropriate
long term.
-Doug
_______________________________________________
ietf-dkim mailing list
http://dkim.org