On Mar 1, 2007, at 12:29 AM, Hector Santos wrote:
Hallam-Baker, Phillip wrote:
Subject: Re: [ietf-dkim] 1365 yes/no
On Feb 28, 2007, at 2:23 PM, Stephen Farrell wrote:
issue #1365 calls for eliminating requirement
6.3.2 which says:
" [PROVISIONAL] The Protocol MUST be able to publish a Practice
which is indicative that domain doesn't send mail."
If you want to eliminate that requirement say: +1 If you
want to keep
that requirement say: -1
+1 its out of charter scope
I've heard you say this a few things, and I've been begging to ask
because I'm scratching my head over how its out of scope?
This POLICY and among others have been part of the design
discussions/debates process since the beginning with the original
SSP specs, the current SSP specs including my own DSAP and most
importantly, it being already MODELED in published DKIM/SSP open
source software.
It's been out of scope since day one. The argument for keeping it has
been "Yeah, it's out of scope, but what the hell, we're throwing
stuff that's far less useful into the pile of stuff. At least this
one piece has some conceivable real world use, lets keep it."
Not wanting it is one thing, but saying its out of scope, I would
disagree with that for one simple reason: Bad guys will most likely
randomly use domains with fasimilies of 3rd party signatures. If a
domain doesn't send mail, not only will this policy indirectly
protect the domain but also directly reduce the abuse on the receiver.
In my view it is extremely powerful policy with a very high payoff.
(No, I don't have a +1 or a -1 on this, as I really don't care by
this point).
Cheers,
Steve
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html