[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of Dave Crocker
2. I think that the passive/active difference involves a
superset/subset relationship. That is, I think that the
active begins
with the statements made in the passive mode, about the
sender/signer,
but extends them to tell the evaluator how to use those statements.
I think that we need strong policy but that there is no place for active
statements.
A 'strong policy' in my book is simply a passive statement that when read by
the receiver means that it is overwhelmingly likely that the majority of
receivers will reject mail without proper authentication.
I don't think that strong policy can be written today, policies will only
become strong over time as the Internet email infrastructure adapts to DKIM and
the mail filters gain the necessary confidence to implement more restrictive
rules.
The barrier to entry for issuing strong policy is pretty high for many. Until
most mailing lists are fixed you probably have to implement a separate mail
system to allow mailing list mail to bypass the mail filter. I don't think that
many people are going to do it without good reason as John suggested earlier.
We could implement the token in mail address scheme I described as a pop
extension. User wants to subscribe to a mailing list, they ask their email
client to subscribe them, it asks the mail server for a mailing address for the
list. The pop server calculates one using a shared secret.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html