Wietse Venema wrote:
Perhaps an analogy from a different but familiar world will help.
Consider DKIM or SSP as broadcast radio transmissions (or TV if
you must). The point is that it is a UNIDIRECTIONAL thing. The
sender doesn't know if anyone is receiving the signal, and they
certainly can't force anyone to listen (or watch their TV program).
Likewise, the sender of DKIM-enabled email doesn't know if the
receiver implements DKIM or SSP, and they certainly can't force
them to implement unenforceable statements that say "deny".
DKIM and SSP have no more "enforcement" power than broadcast radio.
You don't know who "receives" the signal and you certainy can't
force them to do anything with it.
With the DKIM and SSP broadcast model, you can define the format
of the signal and its meaning. That's all. If you want to control
the receiver and "deny" mail, then you need a fundamentally different
model.
Yes Wietse.
Thank you for highlighting the simple broadcaster/receiver model. It was
very appropiate.
If I may fine tune (excuse the TV pun) the model....
The new "technology" added to the electronic broadcast are with the new
XYZ (DKIM) markings in the bit, byte or packet streams (analog or digital).
Only new compliant receiver boxes are capable of deciphering or making
any use of the XYZ markings in the stream or piggybacking on the stream.
Now, what is the purpose of the new XYZ markings in the broadcast
signals?
That depends on who is doing it and way:
- Is this an Information based marking?
- Is this a new control-based marking?
If we step aside a second using a real model, the TV satellite and cable
industry also faced both design questions.
- Informational - improved receivers gives you fancier menu, it
addressed the ergonomics of the user experience.
- Controls - improved receivers allow the vendors to leverage new
subscription models, including helping them to secure
against pirating. This migh also include logic that
leverages new BI-DIRECTIONAL communications hardware.
So who will want this?
Well, the vendors (senders) will be tickled pink if they can get
everyone to purchase or license a new receiver box. That way the vendor
profit margins are improved in the name of improving the quality of the
user experience/service. New feedback information will help in direct
marketing ideas.
How about users?
Well, I will venture to say only the users who don't want the additional
controls will be those with illegal subscriptions. So they will stay
away from any new receiver boxes if they don't have to. But they might
desire the neat new GUI boxes because it now allows them to do all kinds
of other stuff, i.e. PVR. Vendors know the power of marketing, so they
will entire these users and also migh offer some amnesty (Upgrade) program.
So yes, indeed, the model is very appropriate for DKIM.
However, the differences are these:
The new XYZ/DKIM markings is a standard and not proprietary. That means
other broadcasting vendors, including broadcasting sniffing pirates can
do the same thing and might be able to use to this to exploit
"something" about this new XYY/DKIM markings and know logic it is know
to allow or offer.
So how we resolve this?
Policy and authorization (SSP) concepts.
Within the XYZ/DKIM broadcasting markings is a FEEDBACK bit that tells
the receiver how/where to double check the originality of the XYZ
packet. This will require a BI-DIRECTIONAL concept and usually it back
to the original holder.
Now my new receiver box is getting true signals from the vendor I am
paying money too and I don't have to worry about getting fraudulent
broadcasting that might try to do something harmful to my system or my
interrupt my watching (reading) entertainment. I will get silly marque
messages on the TV screen trying to sell me something.
Here's the irony:
Everyone is doing this in the telecommunications world
including broadcasting, DSL, Cable, Mobil market with
new bi-directional feedback capabilities now possible.
Its about time we catch up with it in the EMAIL world too.
--
Sincerely
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html