ietf-dkim

RE: [ietf-dkim] Re: ISSUE 1521 -- Limit the application of SSP to unsigned messages

2008-01-24 11:02:58

Date: Thu, 24 Jan 2008 08:18:32 -0800
From: dhc(_at_)dcrocker(_dot_)net
To: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] Re: ISSUE 1521 -- Limit the application of SSP to unsigned messages



Stephen Farrell wrote:
1521    Limit the application of SSP to unsigned messages    new dkim    Nobody    0    dhc(_at_)dcrocker(_dot_)net    9 days ago    9 days ago    0

Proposal: REJECT, but some wording changes may be needed for the next 
rev, thread is [4]

I mainly saw opposition to the change suggested in
the issue, and little support, but some text clarifying changes were
suggested (e.g. [5]).

[4] http://mipassoc.org/pipermail/ietf-dkim/2007q4/008424.html
[5] http://mipassoc.org/pipermail/ietf-dkim/2007q4/008467.html

Would you please explain the basis for assessing that this topic got 
sufficient discussion and that there was rough consensus on it?

See above "I mainly saw..."


Summary of proposal:

All text that causes SSP to be applied to an already-signed message 
needs to be removed.


Folks,

I've reviewed the thread that took place on this topic.  Here are summary 
statistics:

    Total postings in thread:  46

    Number of different people posting:  14

    Apparent REJECT of proposal: 4

    Apparent ACCEPT of proposal: 5


I would like to ask folks with an opinion about this proposal to post an 
explicit note stating support or opposition.  Some of the existing posts were 
about substantive issues in the proposal, but did not clearly indicate 
support or opposition.

Given that this issue goes to the core of a significant fraction of the 
current specification's functionality and given that there is at least an 
implied requirement for the functionality in the SSP requirements RFC, I'll 
ask folks to do both a +1/-1 *and* to explain their reasons.

I also do not find a record in the archive of working group agreement to add 
the features in question.  So an assumption that the features should be 
retained unless there is a rough consensus *against* is problematic.  Citing 
the SSP requirements RFC is comforting, but questionable, absent any history 
of group discussion and clear rough consensus about the matter.

d/

-- 


-1. I would like to see us remove any text that implies a decision about what 
a receiver should do with that information, and maybe some text making it clear 
that a receiver may decide on a message by message basis to completely skip SSP 
processing for reasons of local policy or because they have sufficient 
information to make a decision without checking SSP (though it seems a little 
odd for an RFC to say that when you are not doing X you don't need to worry 
about how to properly do X). But I think there are a sufficient number of cases 
where domain owners may want to make statements not just about mail that is not 
signed, but about mail that is not signed by them.




_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html