On May 25, 2010, at 1:46 PM, John R. Levine wrote:
Step three: fix the status quo for *participating* MLMs by offering up a
new technical solution that enables MLMs to assert that they've validated
the original sender's signature.
Not to pick on PayPal specifically, since this is a general failure of ADSP,
but:
<snip>
Colorful, but those were not my/our words or sentiment.
Once again, our use case is:
On Apr 26, 2010, at 1:19 PM, McDowell, Brett wrote:
From my perspective, I'd like to enable (not mandate or expect universal
compliance with) the deployment scenario where the sender's DKIM signature
is either maintained without adulteration or "proxied" by the list so the
transient trust can be carried through the mailing list intermediary to the
destination (per Murray's note which I'm also going to respond to). That's
my use case. By sharing this use case I'm not trying to deprecate or
undermine John Levine's original use case. But there is a diversity of
valid/appropriate behavior by mailing lists vis-a-vis DKIM that we need to
consider (which is why I'm so pleased to see Mike H. take our discussion in
this direction).
-- Brett
There are mailbox providers who want to leverage email authentication
technologies to protect their users from phishing. I'm not making that up.
What we have done with Google and Yahoo! is well known, but who here actually
believes those are the only two deployments in the world today (or in-process)?
I don't think it's in the best interest of the Internet to leave these use
cases with no alternative but to pursue closed, proprietary mechanisms. It is
my opinion that the standards community (if not IETF, then who?) could view
these use cases as an opportunity to evolve the standards in a way that will
gain more adoption and utility. The only thing we would be doing is evolving
the existing standards to enable -- not compel or coerce -- consumer protection
use cases.
Everything I've articulated since joining the mail list has been rooted in the
concept of choice. This authenticated messaging ecosystem is optional, not
mandatory. Any effort to make it mandatory is doomed. So why not provide the
option? Why not spec out a means for MLMs to participate in a
DKIM/ADSP=discardable flow in a way that supports consumer protection use cases?
-- Brett
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html