Stephen,
hmmmmmmm, the way you are stating this runs against what my final
impression of the issue was.
I was under the impression that the NO-MAIL question was not related to
POLICY but how it was related to Phillip's extremely confusing proposal,
in other words, how a NO-MAIL expectation was DISCOVERED.
I specifically asked about this and I was corrected that I must have
misread his proposal, which I still don't understand.
My position has been that you can discover this via SSP and others
argued that you can get the same result via the LACK OF A KEY. The
problem is the lack of a KEY doesn't necessarily expose the true intent
and domain expectation.
I viewed it as an OPTIMIZATION concept since the ideal optimized model
suggests the policy is obtained first in all cases. I believe most
agreed with that, but there were a few that militantly did not want to
do an SSP first but we left that to be an implementation concept.
In any case, I never felt that this POLICY EXPECTATION was removed but
that you don't need to do it via a POLICY but rather lack of a key.
In fact, I gave up my work with DSAP because I felt that Jim Fenton's
SSP draft covered all the bases. I told you guys this offlist.
If this was in FACT being removed, I would never have given up on DSAP.
In any case, I wonder if people really understood what they were voting
on. I hope it wasn't a typical "follow the chieftain" path.
The DKIM "Policies Concept" design MUST include an "I NEVER SIGN" or "NO
SIGNATURE" domain expectation concept as a requirement. This is a
fundamental protection for the otherwise unprotected DKIM-BASE signature
process and now that we are discussing wild cards and sub-domains, this
no-signature idea becomes even more prevalent.
--
Sincerely
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie wrote:
On Jun 4, 2007, at 6:34 PM, Stephen Farrell wrote:
Douglas Otis wrote:
It is not clear why a "no mail sent" assertion must be excluded
from a policy statement.
Well... because that was the consensus. Feel free to re-read the
archive, but basically: End of story.
Consensus does not necessarily produce a solution that improves
security.
Are you saying that you'd like to ignore the established
WG consensus and plan to continue on discussing this topic
on the DKIM WG list regardless of the fact that we've
thrashed this and one of the WG chairs has specifically
asked you to stop?
If the answer is anything synonymous with "no", there's
no need to respond, let's just move on. If the answer is
anything else, please send it to Barry and me off-list.
Stephen.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html