Michael Thomas wrote:
>> Dave Crocker wrote:
>> Because the mechanism is problematic and the choice of From is
>> problematic.
>
> Problematic? It's central, and well documented in RFC5016.

It's unfortunate the people you acknowledged in RFC 5016 as providing
substantial review never really did agree or never really thoroughly
understand it.

So much time wasted.

Nearly 2+ years ago, in the original SSP-01, by far the clearer functional
specification, which even a 6-year-old can understand, the biggest hole was
the 3rd party issue. Today, the same thing.

IMV, I should probably just focus on making DKIM/SSP a 1st party
signature system as this is the only common ground nearly everyone, if
not all, agrees with. And if someone wishes to propose a 3rd party
signature after the 1st party system is in practice, it can then be
revisited.

We need to provide the highest benefit possible for DKIM/SSP so that the
market can gain the confidence in implementing and adopting it, relying
on it - confidently with no ambiguity. That can only be done with a 1st
party signature system in place - first. The 3rd party stuff is far too
complicated. Too many loopholes, too many security threats, too much
trouble that will bring down DKIM/SSP with it.

Of course, my opinion.

--
Hector Santos, CTO
http://www.santronics.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html