Steve Atkins wrote:
On Mar 9, 2009, at 12:20 PM, Barry Leiba wrote:
The discussion seems to be straying beyond certain useful
boundaries... as Stephen says, let's keep it within those. So, in
particular, with my "participant" hat on:
It seems to me that the relevant point isn't whether you do or don't
like ADSP and whether you will or won't deploy it... but, rather, that
we agree on the details of it. If you're a signer and you don't like
ADSP, you won't publish ADSP information. If you're a verifier and
you don't like ADSP, you won't retrieve ADSP information.
So what matters is that we agree on what the ADSP information says and
means, and that we agree on the interpretation by a verifier of its
absence.
If ADSP assertions put constraints on DKIM use, especially
if those constraints end up affecting those who don't choose to
use ADSP, then it's a bit more important than that. (I'm already
seeing people who can't use DKIM appropriately because they're
using DKIM signing engines that were were written with one
limited use case in mind).
I don't know if that is the case. Does anyone else?
ADSP doesn't put any constraints on a signer that doesn't publish an
ADSP record, or that publishes adsp=unknown.
Given the range of non-ADSP applications for the i= value that have been
described, verifiers would be well advised not to use the i= value as a
key to a reputation database. So while a signer's use of ADSP might
constrain a verifier that wants to key reputation on that value, it's
not a good idea anyway.
-Jim
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html