ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-dkim] DKIM charter update proposal

2009-10-26 07:34:03
from [hector] [Permanent Link] 


Clearly the rfc we have now is highly interoperable at the nuts and bolts
software level. 



[My opinions here is towards this statement and not the person who 
made it.]

If it is meant that if ADSP was followed, then I would agree, we are 
closer to closing the software based loopholes.  OTOH, if ADSP is 
ignored as it never existed, then DKIM-BASE is pretty straight forward.

But not when we integrating the RFcs, I have a hard time agreeing with 
this. IMO, we have pretty clear conflictive technical implementation 
guidelines, otherwise we would not be in this confused state that 
seems to leave one with a "don't know what to do, wait and see" status 
asking us to wait yet another 1+ years beyond the 3-4 already done.

For an integrated mail system, the SMTP developer and LIST SERVER 
developer are in conflict in regards to the forwarding issue.    Even 
under the same brand of software, there is an design issue with the 
SMTP software supporting ADSP being ignored by the List Server 
software.  Its not 'integrated software' logical.

On the domain side, domains have no clear solutions for what policy to 
use. We don't have enough representation of all markets here. Discard 
is pretty clear for one group regardless of how small another group 
would thing that is.  "all" is not very clear for any group, yet one 
list group is desperately trying to make it viable.  And even those 
domains who wish to use "discard" are quickly finding out they will 
not be protected against legacy spoofs and anonymous signers by the 
purported "Good Guy" resigner market we have no general and wide 
adoption method to find that out.

Even when we remove POLICY and replace it with reputation, we still 
have the open question if a forwarder/remailer SHOULD|MUST follow 
domain reputation public query information.   The same SMTP/LIST 
SERVER conflict still exist here even with REPUTATION models.

So there is no straight forward protocol and solid foundation other 
than DKIM-BASE. All we have is a pretty clear mechanism for signing 
machines but its value is questionable with no protected layer.  IMV, 
we are in a confused or better stated, COMA state, looking or waiting 
for some mystical reawaken hope to occur or kick in.

--
Hector Santos

_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] DKIM charter update proposal, Michael Thomas
Next by Date:  [ietf-dkim] I-D Action:draft-ietf-dkim-deployment-09.txt, Internet-Drafts
Previous by Thread:  Re: [ietf-dkim] DKIM charter update proposal, Michael Thomas
Next by Thread:  Re: [ietf-dkim] DKIM charter update proposal, Barry Leiba
Indexes:  [Date] [Thread] [Top] [All Lists]