On Tue, 28 Nov 2006 19:04:04 -0000, Michael Thomas <mike(_at_)mtcc(_dot_)com> wrote:
That said, after thinking about this I don't find those arguments
compelling enough to get wrapped around the axle. Also: given that the
protocol needs to be extensible, we can be cautious and defer things that
we're not very sure about their utility to some time in the future when
the benefits are more clear. This seems to be one of those things.
Indeed. What is going to happen when this stuff gets deployed is that
there will be a continuing battle between the Bad Guys, who will find ways
to make it appear that their messages are genuine in spite of DKIM, and
the Good Guys, both signers, verifiers and reputation reporters, who will
change their strategies as regards what is signed, what is announced in
SSP records, and how to evaluate the results of verification.
We cannot predict how this battle will go (it is usually the Bad Guys who
set the agenda). Therefore, there should not be too many MUSTs in our
specs concerning these details. Our job is just to provide a set of tools
(weapons), and to leave it to the Good Guys to use them in the most
effective manner.
--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html