ietf-dkim

[ietf-dkim] ADSP result set (was: why we should clearly specify domain existence)

2008-05-28 07:12:09
Douglas Otis wrote:
 
> The otis-dkim-adsp draft modified the terms from
>
> unknown/all/discardable
>   to
> OPEN/CLOSED/LOCKED

So far that is IMO still three terms for two results.

> "unknown" is a misnomer since this asserts not
> signing Author Domain messages is permitted.  This
> practice becomes known once the ADSP has been
> discovered.  The term "OPEN" more correctly indicates
> any outbound SMTP server is "open" to users of the
> Author Domain.

It's anyway not very interesting for receivers, and so
I don't care much about the name, "open", "unknown",
"neutral", "maybe", whatever.

> The term "all" incorrectly implies the nature of the
> assertion.   Clearly ensuring all messages are signed
> is beyond the control of the domain making this
> assertion.  Not "all" Author Domain messages can be
> assured to have been signed.

But "all" is clear for receivers, the intention is to
sign all mails, and anything else is by definition bad.

Of course that is the definition of the domain owner,
the domain owner has to educate the users, the receiver
can say "getting this right is none of my business, I
simply reject (or similar) unsigned mails on behalf of
the domain owner, unless I have a reason to accept them,
e.g. from a known mailing list".  

> Rather "CLOSED" more correctly indicates non-signing
> SMTP services are considered "closed" to users of the
> Author Domain.

IMO "closed" is not better than "all", but that could 
be a matter of taste.  My point was that there is no
relevant third case "discardable" / "locked" as soon as
you have "all" / "closed".

> Depending upon intended outcome of "discardable", this
> term recommends an action that may not be appropriate,
> and one that degrades the integrity of SMTP delivery.

Yes.  Additionally it's redundant, receivers are free to
interpret "all" and "discardable" as identical, and in
fact I don't see why they should interpret these results
as different.

At one point of the SPF history folks proposed to add a
"do what I mean" modifier for FAIL.  That proposal wasn't
adopted, it would downgrade any unmodified FAIL.  The
difference between "all" and "discardable" is apparently
the same "do what I mean" idea, I don't like it.  

"Closed" and "locked" don't improve this situation.

> Dismissal does not imply discard.

+1  But "discardable" is not only the wrong name, it's a
redundant concept.  The real thing is "all", and what 
receivers do with it is a receiver policy, not a signing
practice.

There's no difference between an "all" or a "discardable"
signature, and there is no difference between an "all" or
"discardable" lack of a signature.  DKIM signatures are
meant to survive, if mailing lists destroy them receivers
have to deal with it, the domain owner can't help them to
get this right with a "do what I mean" (discardable) info.

 Frank

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html