ietf-dkim

Re: [ietf-dkim] Delegated signatures in real life

2006-08-30 15:10:08
On 2006-08-30 07:28, John Levine wrote:

I suppose it is hypothetically possible that providers will upgrade
their MTAs to support per-domain DKIM signing and out of perverse
hostility won't offer the DNS support for it.  That has never
impressed me as a scenario likely enough to be worth inventing a new
mechanism with unknown security problems that has to be implemented by
all DKIM recipients.

+1


On 2006-08-30 07:50, Hector Santos wrote:

Exactly, so unless you have a written, verbal contract, TOS or what have
you, signing mail on the behalf of the 1st party, masquerading as the 1st
party or as the 3rd party has some serious implications.

Unless there is some prior agreement or authorization, you're opening up a
can of worms.

And what if the MUA weenie is signing mail?  How is his or her ISP going to
handle that?  Just blindly re-sign mail again?  Why?  For what purpose?

That's between the MUA weenie and their ISP, and is a great example of one of the cans of worms that may be opened if the protocol tries to get in the way of such agreements.


On 2006-08-30 13:32, Scott Kitterman wrote:

It's not a matter of money, but a matter of the complexity of dealing with an audience that the first step in the process is you have to explain what a DNS service IS and they have very limited time or interest in understanding.

An entire industry already exists, ready to serve them. If individual companies within that industry fail to offer a complete end-to-end service...well, that's not DKIM's fault.

--
J.D. Falk, Anti-Spam Product Manager
Yahoo! Communications Platform Team
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html