ietf-dkim

Re: [ietf-dkim] SSP = FAILURE DETECTION

2006-09-09 11:42:46

----- Original Message -----
From: "Wietse Venema" <wietse(_at_)porcupine(_dot_)org>
To: <ietf-dkim(_at_)mipassoc(_dot_)org>
Sent: Friday, September 08, 2006 2:52 PM
Subject: Re: [ietf-dkim] SSP = FAILURE DETECTION


If that's the case, then explain why receivers should bother
processing DKIM signature mail?

The purpose of a valid DKIM signature is to identify the party that
signed the message. Whether this is a first-party or third-party
signature is largely irrelevant. It's about accountability.

If you are going to selectively answer only one of 20 questions, then it
doesn't help the process.


Again, WHERE is the PAYOFF if PROCESS DKIM and Just Looking for the "GOOD
needle in the haystack?"

SSP to me is about Failure and Non-Compliance of the DKIM-BASE signature
process - an AUTHORIZATION concept.  Mail that passes the test is still
untrusted and can be further processed using traditional AVS tools.

It is a mistake to believe that you have any control over what
recipients do with their email.

And you are wrong to PUT words into my mouth. I never said Receivers can be
controlled.  However, the market environment is to ELIMINATE the bad
transactions and the market direction is being in this direction.

It is the persistence in this
mistaken belief that distracts from the potential that DKIM has.

Sorry, you are incorrect.  You are trying to force feed a meaning of what
DKIM is supposed to do and I keep repeating I DON'T CARE what it's supposed to
do as long as you do it right and the signature protocol is consistent
without introducing MORE harm and higher overhead in the process of
supporting it.

If you need an analogy, think HELO/EHLO client domain or literals and MAIL
FROM returned paths.   The problem we have today is 100% based on the
relaxation of not enforcing these states.

We can't do much about these two entities because of the 20+ years of legacy
operations but there is no doubt, the smarter, better AVS ready SMTP systems
in the market do something about these old issues.  They are not completely
ignored anymore.

Now with DKIM, we are NO longer talking about legacy operations at the
PAYLOAD level.  There is new expectation for new headers, new DNS records,
etc.

That is a recipe for high detection of failure based on non-compliancy and
unauthorized signatures.

So sorry, you are wrong and really wish you stop saying people they are
"Mistaken" so you can get a "+1" from your compadres because I could go on to
say the same thing about how mistaken you are too.

The point is and always has been I really don't care what you think DKIM is
supposed to mean.  It's a Digital Message Signature method and it is about
Protocol Consistency.  Just blindly signing and broadcasting this junk to
receivers without a payoff of eliminating the bad is not going to be
tolerated in the wider market and quite frankly, I have a hard time
believing a high value domain is going to blindly sign mail with a "cross
your fingers, hope it makes" concept while at the SAME time assuming
"responsibility" for it.  That doesn't make sense.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html