Eliot Lear wrote:
On 2/18/09 1:51 PM, Wietse Venema wrote:
If intelligent people cannot agree on what is the result of a
protocol, then there is a problem that needs to be fixed. The
proposed errata address the problem. The alternative does not.
But that where precisely is the disagreement? That is the real Q.
In my view, the problem began with the Deployment Guide. RFC 4871 did
not match the stated semantics of the non-vetted Deployment Guide, a
product designed around out of scope trust-based services, reputation
ideas and design criterias purely based on heuristics, that is "on
guessing" [SIC] concepts.
Lets face it.
What we are really dealing with is the issues related to 3rd party
signers - either external or in-house. It was thrown out of SSP
resulting in ADSP, but the only place it really disappear from was the
WG - moved to behind the scene, to a non-vetted deployment guide.
When SSP was killed and the deployment guide was written, the writing
was on the wall - DKIM will not work well without reputation services.
Even the original Deployment Guide stated as much and I posted
concerns regarding that statement in the guide. My concern was the
"batteries required" syndrome and that is exactly what seems to have
occurred.
I had no problem with the reputation services - it inevitable. Its
required in my view as this technology matures. It is something we
will include too.
However, from a SMTP product standpoint, in my view, I always felt
POLICY was the middle ground to help address the obvious FRAUD that
will prevail with wide deployment - FRAUD that SHOULD NOT be based on
Heuristics or "Guessing."
It was always my hope that the IETF WG chairs will control the
powerful forces behind the scene making DKIM more complex than it
ought to be. People need to remember that small systems will suffer
the consequences when the BAD GUYS try to exploit larger system and
domains with their reputation servers employed against the smaller
systems who may not have the Batteries or even same batteries required.
--
Sincerely
Hector Santos
http://www.santronics.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html