ietf-dkim

Re: [ietf-dkim] Review of DKIM Sender Signing Practices (draft-ietf-dkim-ssp-01)

2007-12-06 05:20:46
On Wed, 05 Dec 2007 14:18:09 -0000, Scott Kitterman <ietf-dkim(_at_)kitterman(_dot_)com> wrote:

> On Wednesday 05 December 2007 08:53, John Levine wrote:
> >How would doing this work change what verifiers do after the RFC is
> > deployed?
>
> Probably not much, but it will help rein in unwarranted expectations
> by senders that publishing SSP will affect what happens to their mail.

Exactly. Verifier implementors who do not read the document carefully enough (Shock! Horror! they wouldn't do that would they!) will see all those "Verifiers MUST" statements and deduce that they are obliged to follow them exactly. Which will discourage them from trying innovative and imaginative techniques which might, in the long term, lead to improved filtering of 'suspicious' (or even 'not so suspicious') messages.

And let me remind you that this thread started exactly because Dave Crocker (who maybe should know better) misread those "MUST"s in exactly that way. If even the people on this list can mis-read the draft, then that is a clear indication that its wording needs to be reviewed even though it does, when read carefully, say the right thing.

> It sounds like a lot of work to say the same thing to me.  I don't think
> increasing the quantity and type of ways that the draft says it doesn't
> mandate what receivers will do is a value added use of anyone's time.

Extra work that results in implementors making fewer mistakes is NEVER a waste of time.

FYI, here is the wording that I suggested again. It isn't necessarily a pure addition, since it might enable some other less obvious statements of the situation to be taken out:

"This document describes processes for what verifiers are expected to do
in order to achieve what the signers intend.
But these descriptions are not Normative since there is no compulsion on
verifiers to follow those processes exactly as described, or even at all.
Therefore, use of the terms "MUST" and "SHOULD" in these descriptions
merely indicates the steps verifiers need to take if they want to claim
adherence to the particular set of processes described here."

--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131     Web: http://www.cs.man.ac.uk/~chl
Email: chl(_at_)clerew(_dot_)man(_dot_)ac(_dot_)uk      Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9      Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
