On Nov 16, 2005, at 1:52 PM, Mark Delany wrote:
On Wed, Nov 16, 2005 at 01:32:21PM -0800, Douglas Otis allegedly
wrote:
On Nov 16, 2005, at 12:47 PM, Stephen Farrell wrote:
A claim made in the charter of detecting spoofing depends upon a
comparison of the signing-domain with the email-address domain.
There is no such absolute claim that I can see in the draft
charter [1].
The charter still offers justification for pursuing constraints on
the email-address.
Right. Because that's an on-going, persistent requirement of the
people who will use this stuff - rather than those who talk about
it. Abdicating this responsibility to some distant, undefined process
removes the incentive to adopt for many high-value domains.
High value domains require much more than email-address comparisons
to obtain relief. Once a DKIM mechanism is available, comprehensive
solutions outside the scope of DKIM can better confront these
problems. The base DKIM in conjunction with more comprehensive
efforts would not be an abdication, but rather represents superior
near-term solutions.
While there does seem to be consensus for rather dramatic changes
within the immediate working-group, trade-offs will impact a larger
population who will likely see things differently. I would rather
ensure development of the base DKIM draft and expect more
comprehensive and targeted approaches will offer better solutions
that minimize the associated costs. Once DKIM is in place, how it
gets used will evolve. Evolution of use would be safer as a separate
process in order to expedite the base effort.
Unless there are questions, I'll end this thread with a bookmark. : )
-Doug
_______________________________________________
ietf-dkim mailing list
http://dkim.org