
Re: [ietf-dkim] Review of DKIM Sender Signing Practices (draft-ietf-dkim-ssp-01)

2007-12-06 07:35:54
On Thursday 06 December 2007 07:12, Charles Lindsey wrote:
On Wed, 05 Dec 2007 14:18:09 -0000, Scott Kitterman <ietf-dkim(_at_)kitterman(_dot_)com> wrote:
On Wednesday 05 December 2007 08:53, John Levine wrote:
How would doing this work change what verifiers do after the RFC is
deployed?

Probably not much, but it will help rein in unwarranted expectations
by senders that publishing SSP will affect what happens to their mail.

Exactly. Verifier implementors who do not read the document carefully
enough (Shock! Horror! they wouldn't do that would they!) will see all
those "Verifiers MUST" statements and deduce that they are obliged to
follow them exactly. Which will discourage them from trying innovative and
imaginative techniques which might, in the long term, lead to improved
filtering of 'suspicious' (or even 'not so suspicious') messages.

And let me remind you that this thread started exactly because Dave
Crocker (who maybe should know better) misread those "MUST"s in exactly
that way. If even the people on this list can mis-read the draft, then
that is a clear indication that its wording needs to be reviewed even
though it does, when read carefully, say the right thing.

I agree that he chose to read them that way.

It sounds like a lot of work to say the same thing to me.  I don't think
increasing the quantity and type of ways that the draft says it doesn't
mandate what receivers will do is a value added use of anyone's time.

Extra work that results in implementors making fewer mistakes is NEVER a
waste of time.

Agreed, but I don't think that's the case here.

FYI, here is the wording that I suggested again. It isn't necessarily a
pure addition, since it might enable some other less obvious statements of
the situation to be taken out:

"This document describes processes for what verifiers are expected to do
in order to achieve what the signers intend.
But these descriptions are not Normative since there is no compulsion on
verifiers to follow those processes exactly as described, or even at all.
Therefore, use of the terms "MUST" and "SHOULD" in these descriptions
merely indicates the steps verifiers need to take if they want to claim
adherence to the particular set of processes described here."

I don't think that really changes much.  

-1

Scott K
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
