ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] x= lets senders expire responsibility

2006-04-14 20:39:54
from [Hector Santos] [Permanent Link] 

----- Original Message -----
From: "Michael Thomas" <mike(_at_)mtcc(_dot_)com>
To: <dcrocker(_at_)bbiw(_dot_)net>


I don't want to put words into Arvel's mouth, but my read of
his users experience is that you struggle to get the keys into
the DNS once and hope that you never have to struggle with it
again. I think his base is mostly small/medium business.


We saw basically the same issue with SPF.  Our customers are spread from
hobbiest, SOHO, small/med/corporate to ISPs.

Overall, early slow inertia for adoption boiled down to:

  - Not understanding why it was needed,
    they knew it for "AVS" but didn't understand how/why it worked.

  - Not having access to DNS servers to explore, even if internal.

  - ISP/ESP not having web-based TXT record management support.

Also, very important, for our package, 99.999% of it is GUI configurable.
Without our SSL GUI Wizard, it would of slowed down adoption. I recall
wanting to also give sysops DNS record management for SPF.  But there were
DNS server technical issues in the area of updates so we left this to
documentation for now.   No doubt, vendors that help in the management will
help accelerate adoption.

No doubt, I think DKIM is alittle more complex than an SPF.  I think DKIM
key management tools is more critical to help accelerate exploration and
adoption.


For larger business and maybe ISP's even, our anecdotal experience at
Cisco is that our messaging and DNS folks don't have mich to do
with one another (changing mx records is not a ordinary event). Thus
to achieve key rollover, you'd need to create linkages between the
groups and their software that didn't exist before. Which is to say,
a very slow process for the motivated, and a non-process for
the unmotivated. Maybe SPF has helped here, but I doubt it.


It has help highlight the requirement. I can't name them all, but no doubt
ISP/ESP did who didn't have TXT support at first in their web-based
management tools, did add TXT support to help support SPF customers.

For DKIM, ISP/ESP who begin to offer signing services, free, fee-based or
otherwise will help the process.  It will also depend a lot on vendors
and/or 3rd party developers making this near-complex implementation easier.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com



_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] x= lets senders expire responsibility, John Levine
Next by Date:  Re: [ietf-dkim] New issue: Signing by parent domains, Peter Koch
Previous by Thread:  Re: [ietf-dkim] x= lets senders expire responsibility, Michael Thomas
Next by Thread:  Re: [ietf-dkim] x= lets senders expire responsibility, Jim Fenton
Indexes:  [Date] [Thread] [Top] [All Lists]