ietf-dkim

Re: [ietf-dkim] How to reconcile passive vs active?

2006-08-06 22:45:31

----- Original Message -----
From: "Michael Thomas" <mike(_at_)mtcc(_dot_)com>


Dave Crocker wrote:

3. If #2 is correct, then my question is why the extended semantics are
essential?  What problems are created by not including them in the
specification?  What substantial benefits are obtained by including them?


The one downside is that there seems to be a serious amount of confusion
about what people think receivers will do with this information,

Might I suggest using the term "differences of opinion or positions" rather
than confusion.  I am not confused at all about it.

and the SPF experience is not encouraging.

Michael, the SPF experience was highlighted due to the RELAXED provisions
that SSP proponents are trying to avoid in DKIM/SSP.  This is
exactly the reason why SSP must also support strong policies.  Ironically,
the SSP opponents are modeling a "NEUTRAL" DKIM-BASE system which is
exactly what causes problems.  In SPF, the HARD policies increase
problems with Forwarding issues.  We don't have that problem with DKIM/SSP.
That is the beauty and attraction of DKIM/SSP.  It offers the highly
desirable strong policies that are problematic but also desirable in SPF.

At the very least even if the protocol doesn't try to falsely dictate
what a receiver must do, it should at least warn unsuspecting
deployers that if they don't understand exactly what the extremely
narrow use scenario SSP is then they'd be crazy to set it.
I don't think it's really sunk in as to how small the set of senders who
will find this useful is, or how disruptive it will be if you accidentally
set it when it doesn't apply to you.

I don't quite agree with your presumption it will be extremely narrow use,
but we always said Local Policy Decisions always trump what anyone sends
to you.

Even then, the main issue is the potential damages that are being ignored.
My wife said it best when asked why even the BIG companies like WALMART,
YAHOO, CISCO, AOL.COM, BIGBANK should also support strong policies:

   "Why not? They should always check because it is the
    little guy that will pay the price anyway. If the big
    guys are going to allow the little things to go by, the crooks
    will also try to do the little things to the little companies
    where $20 means something to them!"

And that is exactly what I am worried about, exactly.  A great majority of
my junk is coming from messages that have "high value" domain names.

Once a DKIM-BASE non-SSP or very watered down version becomes widely
adopted, maybe the new fee-based reputation-based social networks will
prosper without SSP, but it will be the rest of the world, the great
majority that is mostly the "small guys" who will have to deal with the DKIM
junk that is coming their way.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com





