ietf-dkim

Re: [ietf-dkim] ADSP -> Experimental

2009-03-10 08:52:25




-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org [mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of John Levine
Sent: Tuesday, March 10, 2009 7:33 AM
To: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] ADSP -> Experimental

Please stop all this ADSP "good"/ADSP "bad" repetition.

I am specifically proposing that we withdraw it as
standards track and resubmit it as experimental,
because that's what it is.


So let's talk brass tacks......

1) John asserts that he has difficulty finding many ADSP records. I
agree with him that there are likely not many out there. Given all the
changes that have taken place as it mutated from SSP to ADSP in the
various drafts one would have to be a masochist or a pathfinder (willing
to take arrows in the back) to publish records. 

This does not mean that domains that sign all mail have not been
checking to see how receivers would perceive their mail if an ADSP
record were published.

2) John asserts that ADSP should be withdrawn from standards track and
resubmitted as experimental. The only supporting evidence he has
provided is that ADSP doesn't do anything for him personally. He
therefore considers it broken. By that standard (does it do anything for
John) there are lots of standards that should be converted to
experimental.

For 5 domains I am responsible for and for which I have publicly stated
multiple times over the past year or so that all mail is DKIM signed and
receivers can act on that basis (as if ADSP were stable and we were
publishing), roughly (just under) 500 million signed emails have been
sent. 

I have spoken/worked with various receivers as well as participated in 2
closed betas for feedback loops on signing in examining the outcomes
associated with asserting all mail is signed/publishing ADSP. I am aware
of a number of major financial institutions subject to phishing abuse
that have been testing DKIM/ADSP for both outbound and inbound. There
are currently efforts to put together data for the various cases of
validation failure in production environments. The goal is to publish
the data to inform potential implementers of the impacts (positive and
negative) that ADSP implementation might have.

I've stated it before and I'll state it again. ADSP might have been
worked to accommodate the (stated) needs of people like John. The
consensus of the working group was to narrow it down to first party
(author) signing domains. For first party (author) signing domains it
does what it claims to do as far as my experience stated above shows.

It is inappropriate for John to suggest that ADSP should be reclassified
as experimental simply on the basis that it does not benefit him
personally.

Mike

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html