On Sun, 2006-01-01 at 14:59 -0800, Dave Crocker wrote:
DKIM provides a means of validating an identity that is associated with
message transit. Do we believe that that validated identity will be helpful
for
some variety of email [quality] mechanisms, such as reputation services? The
answer to this is yes, since there is a long-standing value in having an
validated, accountable identity associated with a document.
This statement of obtaining a valid accountable identity only applies to
the base DKIM draft, but does not extend to the SSP draft.
A lot depends on what we mean by "weakly authenticating".
Probably correct. So it is quite useful that we have access to a concrete
specification that embodies the meaning that applies here.
With respect to chartering and the WG output expectations...
The base DKIM draft depends upon a domain offering a public key used to
validate the signature. (Good)
On the other hand, the SSP draft offers an authorization for an email-
address within the From header. (Bad) This authorization has already
been construed in the SSP draft itself as providing accountability.
This identity defines where complaints are to be registered. This SSP
draft also greatly alters email use by not permitting normal practices
without the same dangerous open-ended policies as seen with SPF. (Very
bad.)
As for judging exactly what the limits of market acceptability are, there are
two problems with attempting to conduct such a discussion here:
a) standards bodies, including the IETF, have very poor track-records
predicting market acceptability, particularly when the discussion goes beyond
merely assessing the competence of the technology.
b) there is a substantial constituency of experienced and responsible
development and operations folk who find the DKIM mechanism appealing enough
to
be worth pursuing.
The base DKIM draft does not depend upon the SSP draft. There are
other means to establish the expectation of there being a signature
present without changing accountability (burden-shifting). This other
means better protects recipients from fraud as well. This other means
requires less overhead. SSP can not be justified.
The difficulty is that establishment of such a mechanism makes
it very easy for, e.g., an ISP that wants to "protect its
customers from spam" and reduce spam traffic on its backbone to
say "aha, any message that isn't validated/authorized by someone
whom we recognize is obviously hostile and should be silently
It is often easy for people to make simplistic and incorrect choices in how
they
use a mechanism. This does not seem like a very strong argument against
creating
the mechanism.
There is already mechanisms in place ready to misuse email-address
authorization -as-if- authenticated. There should be an expectation
based on previous experiences that such an authorization scheme can
become a form of coercion when treated as a source identifier. This
does not require guess work.
It seems to me that, were DKIM to succeed, we would run a
significant risk of seeing the Internet fragmented into
DKIM-approval camps (with the non-DKIM-users left out of all of
them).
1. You might be right, but I can't tell, because I do not see a) the logic
sequence that starts with the fear you express and leads clearly to the
conclusion, and b) the basis for certitude that the fragmentation will occur.
By shifting the burdens imposed by reputation block-lists onto the
email-address domain owner, controlling abuse would then rests upon a
hapless entity. The ability to obtain a domain name and safely share
services are placed in peril. The fragmentation (as coercion) will
likely occur when larger domains find the results of this burden-
shifting being in their interest.
2. How is this different from the "fragmentation" that separates those with
MIME
support from those without, or the "fragmentation" that separates those with
TCP
selective acknowledgment support, from those without, or... any other
fragmentation that distinguishes among supporters of enhancements from those
not
(yet) supporting it?
At least with MIME, the risk was not with respect to unfairly being held
accountable.
-Doug
_______________________________________________
ietf-dkim mailing list
http://dkim.org