On Mar 9, 2009, at 5:00 PM, Stephen Farrell wrote:
On 9 Mar 2009, at 22:47, SM <sm(_at_)resistor(_dot_)net> wrote:
At 14:17 09-03-2009, John Levine wrote:
I sign all my mail, but there's no way I can say that with ADSP.
In its current form, ADSP is broken and useless.
Given that one of the authors of draft-ietf-dkim-ssp-09 states that
ADSP is broken and useless, is it worth publishing it on the
Standards Track or even asking for publication?
Firstly, we're not authors in the sense of being personally
responsible for each word - the ability and willingness to write
something with which you disagree is laudable in many cases and in
this case. Secondly, I don't think anyone would accuse John of a
chronic tendency to understatement. So, no I don't believe his
statement has any such implication,
Being in agreement with both John and SM, why is it reasonable to
ignore this statement?
Starting off with bad definitions is likely to forestall ADSP
benefits. Additional security is less likely to be achieved when ADSP
signature definitions are impractical, or reduce delivery integrity.
Barry's suggestion to move ahead with ADSP seems unwise in light of
recent discussions of how one should interpret ADSP definitions, and
the i= value in particular. Requiring two signatures for compliance
is just wrong.
-Doug
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html