ietf-dkim

Re: [ietf-dkim] Re: ISSUE 1521 -- Limit the application of SSP to unsigned messages

2008-01-24 21:10:54
Steve Atkins wrote:

>> It would be one thing to kill SSP for its technical merits, but no one has SHOWN it is a flawed system. NO one.

> Sure they have. Numerous times. Anyone who doesn't recognize that it
> has flaws is, honestly, not technically knowledgeable enough to be able
> to offer anything useful to the spec development.

I disagree.

All the concerns are directly attributed to SSP threatening reputation services. Case in point, Dave's Deployment Drafts has no SSP consideration, never had any consideration for it and it is 100% tied to reputation. The deployment guide specifically states:

   Unless a scheme can correlate the DKIM signature with
   accreditation or reputation data, the presence of a DKIM
   signature SHOULD be ignored.

And that implies even a VALID signature. So the DEPLOYMENT draft changes the semantics of DKIM-BASE itself to one where DKIM-BASE is now deemed useless unless a reputation system is in place. Go figure.

SSP lowers the need for reputation services and everyone with a good engineering, product development and marketing sense can see that.

SSP is 100% perfectly viable, and top-notch engineers, good people, like Eric, Jim, including myself, Arvel and many others contributed greatly to the specs and believe it has value WITH and WITHOUT signatures. To suggest we are all WRONG is offensive. The fact is, we were not wrong.

> That SSP has some serious flaws isn't, in itself, a reason not to develop
> it and deploy it.

Can you outline the serious TECHNICAL flaws? I have a feeling you will not be able to.

> But if the people who are developing the specification
> are not capable of recognizing that there are flaws, we have a problem.

No, we have a problem with the self-interest promotions of direct marketing related people here who want their cake and eat it too, at the expense of all others.

The bottom line, truth be told, SSP threatens the adoption rate of any reputation service. It needs to be stated because all this has gotten out of hand. You have to question why Dave had endorsed 5016 only to come back later acting like he knew nothing about it. Wasted everyone's time.

Purely based on self interest, and unfortunately we have a few cogs who are masters of getting things KILLED if they want it to DIE.

>> It is very SAD that not enough of the technical developers are here to mandate the direction.

> On the contrary. It's those with most technical experience who see the
> flaws in it, generally.

And generally that is true, but that hasn't happened here, and quite frankly, you are in no position to question anyone's technical experience.

Since day one, John and Dave never had any sincere interest in seeing SSP get developed or allow for it to get developed by others. None of them have any interest in it - period. It didn't serve their purpose. In fact, it hampered the push for reputation services.

Since day one all these issues were on the table, the multiple co-authors and the 3rd party issues, so there is nothing new here.

Now, not even the watered down STRICT/ALL policies are good enough and now we have a marketing campaign and Deployment Draft that is 100% designed around reputation, NO SSP consideration whatsoever, not even for NONE signatures. In fact, not even a valid signature is good enough unless it's tied to reputation.

That is not a technical issue. That was a strategic business design decision to promote reputation services.

So let's get it out because the bottom line, there was never any sincere technically driven group effort to squeeze out all the issues *without* a REPUTATION concept clouding the issues.

--
Sincerely

Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com

_______________________________________________
NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
