ietf-dkim

Re: [ietf-dkim] RE: I think we can punt the hard stuff as out of scope.

2007-06-09 04:31:24
Jim,

Isn't this a contradiction here?

First you made a statement that the "DKIM WG has no authority to create a policy framework describing the overall use of email, just the use of DKIM."

But then yet you just went ahead and described one anyway; further, you went ahead and dictated receiver design.

Just think about this:

Do you consider a message that is not DKIM signed to have a presumption of invalidity? Thus promoting an SSP check?

Whether you do or not, your angle seems to be to dictate local policy, how systems will be designed, how email is to be handled, how verifiers must tolerate abuse, how optimization, scalability and overhead are or are not considered and, worst, how we need to present all this to customers in ways that may not be appropriate to them, thus increasing the adoption barrier.

In any case, I am happy to see more SMTP system vendors, especially from larger systems, voice their input here.

--
Sincerely

Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com



Jim Fenton wrote:
Pat,

It's somewhat of a political issue: I don't favor a NOMAIL policy because I don't feel that the DKIM WG has the authority to create a policy framework describing the overall use of email, just the use of DKIM.

What a non-mailing domain can do that is almost equivalent and within scope is to express a policy that they sign everything, and an expectation that receivers should receive signed mail from the domain, and then publish no public keys (selectors). If the verifier can't retrieve the public key, then the signature can't possibly be good and there's no use verifying it. The only extra overhead compared with a NOMAIL policy is that with NOMAIL it isn't necessary to retrieve the public key. But many verifiers will only do SSP if there's no valid originator signature, so they won't know of the NOMAIL policy yet anyway.

So I think this could be accomplished in a different manner.

-Jim

Patrick Peterson wrote:
I read the posts as best I could and found some ambiguity.

I strongly believe nomail is important so I may be biased but it did not
appear to be cut and dry. In fact, some of the "No nomail" votes said
the objective could be accomplished in a different manner.

Since I didn't vote I do not feel I can raise the issue again. But it is
clear to me that summarily striking down any discussion of this item as
out of scope is not appropriate. Putting it in a box or deferring it may
be. But I would ask everyone to listen to the justification for nomail
regardless of when/if it is addressed. Many of our assumptions change as
design continues and input is received.

Would it help the discussion if large deployers of DKIM expressed their
opinions on nomail? (Again, they could express their opinions and this
item could still be held for later.)

pat


_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
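
Added illustration, not part of the thread: a toy model of the lookup-cost point in Jim Fenton's message, comparing a "signs everything, publishes no keys" domain with a hypothetical NOMAIL policy under a verifier that checks the signature first and one that checks policy first. The class names, the policy labels `SIGNS_ALL` and `NOMAIL`, the verdict strings, and the key-equality check standing in for real DKIM verification are all assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class ToyDNS:
    """In-memory stand-in for DNS that counts lookups (constructed data only)."""
    keys: dict       # (selector, domain) -> key text
    policies: dict   # domain -> "SIGNS_ALL" or "NOMAIL" (hypothetical labels)
    queries: int = 0

    def get_key(self, selector, domain):
        self.queries += 1
        return self.keys.get((selector, domain))

    def get_policy(self, domain):
        self.queries += 1
        return self.policies.get(domain)

@dataclass
class Message:
    from_domain: str
    selector: Optional[str] = None     # None means the message is unsigned
    signing_key: Optional[str] = None  # toy stand-in for the signature

def signature_ok(msg, dns):
    """Toy check: good only if a published key exists and matches."""
    if msg.selector is None:
        return False
    key = dns.get_key(msg.selector, msg.from_domain)
    return key is not None and key == msg.signing_key

def evaluate(msg, dns, policy_first=False):
    """Return (verdict, dns_queries) for one message."""
    dns.queries = 0
    policy = dns.get_policy(msg.from_domain) if policy_first else None
    if policy != "NOMAIL":             # NOMAIL known up front: skip the key fetch
        if signature_ok(msg, dns):
            return "pass", dns.queries
        if not policy_first:           # verify-first: policy is consulted only now
            policy = dns.get_policy(msg.from_domain)
    verdict = "fail" if policy in ("SIGNS_ALL", "NOMAIL") else "neutral"
    return verdict, dns.queries

# Constructed sample: a forged, signed message claiming a non-mailing domain.
FORGED = Message("parked.example", selector="s1", signing_key="attacker-key")
SIGN_ALL_NO_KEYS = ToyDNS(keys={}, policies={"parked.example": "SIGNS_ALL"})
NOMAIL = ToyDNS(keys={}, policies={"parked.example": "NOMAIL"})
```

In this model the two publishing choices give the same verdict and the same two lookups when the verifier checks the signature first; the hypothetical NOMAIL policy saves the key lookup only when policy is consulted before verification.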
