Dave Crocker wrote:
The -base document does not provide a general systems-framework for
understanding the role of -base, because that was not a goal for -base.
-overview provides that framework.
More generally, the deployment of security-related protocols has a long
history of being problematic. Understanding why and how DKIM is a
credible mechanism, in the face of that problematic history, also is not
something -base was intended to provide, since it is a specification
rather than a tutorial. On the other hand, -base does help with that
understanding.
Given the disagreements with how people view dkim as being used in
reality, I'd suggest that a dose of reality may be required before
the overview you seek has any chance at consensus. I've already seen
-overview being misconstrued by the Mailman folks to strip signatures
given some editorializing about that subject. And we know what happens
when we talk about those disagreements.
I've been a proponent for a DKIM BCP for a long time. I think that is
where -overview fits in, and it will make a huge amount of sense when
we actually have enough experience to make a BCP -- and that goes for
SSP as well. As it currently stands, there is far too much room for
speculation so I think it is pretty much a waste of time to be going
over the same set of arguments that we didn't overcome the last time.
As far as the hand-wringing about -base not being enough.. I just don't
buy it. We have a lot of implementations and deployments (esp. counting
DK) even with the paucity of overview material. So that's not the
problem. Nor does not doing -overview now prevent writing DKIM
evangelizing articles/papers/etc that fill that gap -- with as much
speculation as the author feels like dreaming up. So that's not the
problem either. So what is the problem that -overview is trying to
solve that _requires_ official IETF status *right now*?
Mike
Mike
And so on...
Deployment is not a technical issue, so much as a management decision
issue.
-Base is not intended to help decision makers or designers of the
framework into which DKIM will fit. The -Overview document is intended
to help with this.
For anyone who is serious about wanting to get DKIM used, I would think
that they would want it used sooner, rather than later. Anything that
will facilitate the 'sooner' ought to be a straightforward choice.
In particular, I do not understand the idea of delaying something that
can be of significant use for early-stage -base adoption, and waiting
for some unknown moment in the problematic future, when SSP might
eventually converge and get approved.
d/
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html