ietf-dkim
[Top] [All Lists]

1193 Proposal Benefits: [Re: [ietf-dkim] 1193 considered harmful]

2006-03-24 08:19:40

----- Original Message -----
From: "Jim Fenton" <fenton(_at_)cisco(_dot_)com>
To: <arvel(_dot_)hathcock(_at_)altn(_dot_)com>
Cc: <ietf-dkim(_at_)mipassoc(_dot_)org>
Sent: Friday, March 24, 2006 8:54 AM
Subject: Re: [ietf-dkim] 1193 considered harmful

The extent to which this optimization actually helps is open for
debate.  As Hector points out in a subsequent message, I notice that
there is a trend toward more per-recipient customization of messages, in
order to better personalize them, in addition to the customization of
link addresses I mentioned above.

Right.

But I think it is an important question because it can defined a new level
of software change requirements too.

Case in point,  if a software change proves to be too difficult or not
feasible, one can opt or skip a particular method or model over another.
Will Dave [or anyone in general] every change his list server software just
to support DKIM?  What incentive does he has to do so?

Anyway, lets look the benefits. Let me see if I understand the proposal
again:

Signer:

  1) Hash Body
  2) Add Body Hash result to Header (example only: bodyhash=)
  3) Hash Headers and Sign (b=)


In my view, this will offer tremendous benefits for the verifier:

  1) Clear optimization and scalability benefits,

  2) Allows verification to be perform on message headers,

  3) Integrity Issues clearly separated allowing for
     higher degree of confidence in determining failure,

  4) Increases reliability of the protocol,

  5) Reduces many of the MAILING LIST issues,

  6) Addressing key critical issues or concerns that hamper all
     PAYLOAD based protocols.

The way the industry is header, #6 is very important to the extent that I
have been working on a new ESMTP I-D proposal that I believe will be begin
help prepare future systems address such PAYLOAD based protocols.   This
1193 BodyHash proposal will fit exactly with what I expecting in my
proposal:

http://isdg.net/public/ietf/drafts/draft-santos-smtphead-00.html

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com





_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html