On 9/6/06, Douglas Otis <dotis(_at_)mail-abuse(_dot_)org> wrote:
On Wed, 2006-09-06 at 10:08 -0400, Damon wrote:
> Only because people insist that it *must* work in every scheme they
> can make up. I believe that we could implement what we have discussed
> and the fact that it won't work for everybody should be an asterisk.
> It will work for most systems and I am comfortable with that.
> Implementation is not a requirement.
What percentage of domains want to experience delivery issues when the
2822.From address is not signed by the same domain?
An annotation scheme aimed at assuring an originating address should be
able to satisfy virtually all domains. Introduce an optional
m=<email-address> parameter to both the signature field and the key.
This optional parameter could then work in conjunction with a designated
domain when assuring this email-address. (Some might call this address
a PRA, but it would not depend upon any proprietary algorithm.)
An optional parameter added to the DKIM signature header not limited to
a specific domain, as well as policy records that can associate signing
domains with these other domains and offer far better coverage. Making
this change would permit the largest percentages of the email-addresses
to be assured by DKIM, while also permitting simple autonomous
administration. This would fully leverage the capabilities of a policy
record, where its administration also has a chance of scaling.
-Doug
Why not both? I have no issues with using both.
I am not seeing this as a this proposal against that proposal. I think
they both have their place and we will be serving the community as a
whole much better by offering a choice between two schemes rather than
one or none.
Regards,
Damon Sauer
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html