On Dec 4, 2007, at 3:45 PM, Arvel Hathcock wrote:
Hi!
I'm sure others will make more intelligent comments but I have a
few that I'd like to offer.
First, text in the SSP draft states repeatedly that receivers are
free to dispose of their messages as they see fit so I think that
certain and frequent comments in the Review to the contrary are
incorrect.
In general, the draft needs to consider adoption incentives for
receivers.
SSP offers itself as a means to detect unauthorized domain use.
That is sufficient incentive for adoption by receivers.
It doesn't provide a reliable means to detect unauthorized domain
use. That alone is sufficient reason for receivers (and many senders)
to be skeptical about deployment.
How unreliable it is we don't know yet, but until we have more
operational experience with DKIM it's reasonable to assume the worst.
If it starts being deployed and we discover that the SSP false-
positive rate is too high we'll lose a huge amount of time rolling
back deployment of SSPv1 and working on a more realistic SSPv2.
The SSP false-positive rate will be driven primarily by the DKIM
false-negative rate. As that's a critical piece of data needed to
complete the SSP design to a level of quality suitable for widespread
deployment the wisest course of action would seem to be to wait until
we have wider DKIM deployment and more DKIM operational experience,
and then to gather that data.
(In parallel with gathering that data we could also take more time to
deal with some of the other issues with SSP semantics in a broader
forum, with more input from real-world senders and receivers,
rather than the small subset currently looking at it).
Cheers,
Steve
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html