ietf-dkim

Re: [ietf-dkim] ADSP, was Lists "BCP" draft available

2010-05-25 18:07:47
On May 25, 2010, at 1:46 PM, John R. Levine wrote:

Step three: fix the status quo for *participating* MLM's by offering up a 
new technical solution that enables MLM's to assert that they've validated 
the original sender's signature.

Not to pick on Paypal specifically, since this is a general failure of ADSP, 
but:


<snip>

Colorful, but those were not my/our words or sentiment.

Once again, our use case is:

On Apr 26, 2010, at 1:19 PM, McDowell, Brett wrote:

From my perspective, I'd like to enable (not mandate or expect universal 
compliance with) the deployment scenario where the sender's DKIM signature 
is either maintained without adulteration or "proxied" by the list so the 
transient trust can be carried through the mailing list intermediary to the 
destination (per Murray's note which I'm also going to respond to).  That's 
my use case.  By sharing this use case I'm not trying to deprecate or 
undermine John Levine's original use case.  But there is a diversity of 
valid/appropriate behavior by mailing lists vis-a-vis DKIM that we need to 
consider (which is why I'm so pleased to see Mike H. take our discussion in 
this direction).

-- Brett

There are mailbox providers who want to leverage email authentication 
technologies to protect their users from phishing.  I'm not making that up.  
What we have done with Google and Yahoo! is well known, but who here actually 
believes those are the only two deployments in the world today (or in-process)?

I don't think it's in the best interest of the Internet to leave these use 
cases with no alternative but to pursue closed, proprietary mechanisms.  It is 
my opinion that the standards community (if not IETF, then who?) could view 
these use cases as an opportunity to evolve the standards in a way that will 
gain more adoption and utility.  The only thing we would be doing is evolving 
the existing standards to enable -- not compel or coerce -- consumer protection 
use cases. 

Everything I've articulated since joining the mail list has been rooted in the 
concept of choice.  This authenticated messaging ecosystem is optional, not 
mandatory.  Any effort to make it mandatory is doomed.  So why not provide the 
option?  Why not spec out a means for MLM's to participate in a 
DKIM/ADSP=discardable flow in a way that supports consumer protection use cases?

-- Brett
_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
