Re: [ietf-dkim] Re: ISSUE 1521 -- Limit the application of SSP to unsigned messages
2008-01-24 21:10:54
Steve Atkins wrote:
It is would be one thing to kill SSP for its technical merits, but no
one has SHOWN it is flawed system. NO one.
Sure they have. Numerous times. Anyone who doesn't recognize that it
has flaws is, honestly, not technically knowledgeable enough to be able
to offer anything useful to the spec development.
I disagree.
All the concerns are directly attributed to SSP threatening reputation
services. Case in point, Dave's Deployment Drafts has no SSP
consideration, never had any consideration for it and it is 100% tied to
reputation. The deployment guide specifically states:
Unless a scheme can correlate the DKIM signature with
accreditation or reputation data, the presence of a DKIM
signature SHOULD be ignored.
And that implies even a VALID signature. So the DEPLOYMENT draft changes
the semantics of DKIM-BASE itself to one where DKIM-BASE is now deemed
useless unless a reputation system is in place. Go figure.
SSP lowers the need to reputation services and everyone with a good
engineering, product development and marketing sense can see that.
SSP is a 100% perfectly viable and top notch engineers, good people,
like Eric, Jim, including myself, Arvel and many others contributed
greatly to the specs and believe it has value WITH and WITHOUT
signatures. To suggest we are all WRONG is offensive. The fact is, we
were not wrong.
That SSP has some serious flaws isn't, in itself, a reason not to develop
it and deploy it.
Can you outline the serious TECHNICAL flaws? I have a feeling you will
not be able to.
But if the people who are developing the specification
are not capable of recognizing that there are flaws, we have a problem.
No, we have a problem with the self-interest promotions of direct
marketing related people here who want their cake and eat it too, at the
expense at all others.
The bottom line, truth be told, SSP threatens the adoption rate of any
reputation service. It needs to be stated because all this has gotten
out of hand. You have to question why Dave had endorsed 5016 only to
come back later acting like he knew nothing about it. Wasted everyone's
time.
Purely based on self interest, and unfortunately we have a few cogs
who are masters of getting things KILLED if they want it to DIE.
It is a very SAD that not enough the technical developers are here to
mandate the direction.
On the contrary. It's those with most technical experience who see the
flaws in it, generally.
And generally that is true, but that hasn't happen here, and quite
frankly, you are in no position to question anyone's technical experience.
Since day one, John and Dave never had any sincere interest in seeing
SSP get developed or allow for it to get develop by others. None of
them have any interest in it - period. It didn't serve their purpose.
In fact, it hampered the push for reputation services.
Since day one all these issues were on the table, the multiple
co-authors and the 3rd party issues, so there is nothing new here.
Now, not even the watered down STRICT/ALL policies are good enough and
now we have a marketing campaign and Deployment Draft that is 100%
designed around reputation, NO SSP consideration whatsoever, not even
for NONE signatures. In fact, not even a valid signature is good enough
unless its tied to reputation.
That is not a technical issue. That was a strategic business design
decision to promote reputation services.
So lets get it out because the bottom line, there was never any sincere
technically driven group effort to squeeze out all the issues *without*
a REPUTATION concept clouding the issues.
--
Sincerely
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: [ietf-dkim] Re: ISSUE 1521 -- Limit the application of SSP to unsigned messages, (continued)
- Re: [ietf-dkim] Re: ISSUE 1521 -- Limit the application of SSP to unsigned messages, Damon
- Re: [ietf-dkim] Re: ISSUE 1521 -- Limit the application of SSP to unsigned messages, Wietse Venema
- Re: [ietf-dkim] Re: ISSUE 1521 -- Limit the application of SSP to unsigned messages, Michael Thomas
- Re: [ietf-dkim] Re: ISSUE 1521 -- Limit the application of SSP to unsigned messages, Arvel Hathcock
- Re: [ietf-dkim] Re: ISSUE 1521 -- Limit the application of SSP to unsigned messages, Mark Delany
- Re: [ietf-dkim] Re: ISSUE 1521 -- Limit the application of SSP to unsigned messages, Hector Santos
- Re: [ietf-dkim] Re: ISSUE 1521 -- Limit the application of SSP to unsigned messages, Steve Atkins
- Re: [ietf-dkim] Re: ISSUE 1521 -- Limit the application of SSP to unsigned messages,
Hector Santos <=
- [ietf-dkim] SSP vs. reputation (was: ISSUE 1521 -- Limit the application of SSP to unsigned messages), Frank Ellermann
- Re: [ietf-dkim] SSP vs. reputation (was: ISSUE 1521 -- Limit the application of SSP to unsigned messages), Charles Lindsey
- Re: [ietf-dkim] ISSUE 1521 will damage DKIM/SSP, Hector Santos
- Re: [ietf-dkim] SSP vs. reputation, Hector Santos
- RE: [ietf-dkim] SSP vs. reputation, MH Michael Hammer (5304)
- Re: [ietf-dkim] SSP vs. reputation, Hector Santos
- [ietf-dkim] Re: SSP vs. reputation, Frank Ellermann
- Re: [ietf-dkim] Re: SSP vs. reputation, Hector Santos
- RE: [ietf-dkim] Re: SSP vs. reputation, MH Michael Hammer (5304)
- [ietf-dkim] Reputation vs SSP, Douglas Otis
|
|
|