-----Original Message-----
From: Dave CROCKER [mailto:dhc(_at_)dcrocker(_dot_)net]
Sent: Wednesday, June 02, 2010 4:06 PM
To: MH Michael Hammer (5304)
Cc: ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] list vs contributor signatures, was Wrong
Discussion
On 6/2/2010 12:58 PM, MH Michael Hammer (5304) wrote:
Since we've been seeing reports of breakage due to using ADSP
records
for
domains that are not under sufficient control, it is clear that
some
fraction of the ADSP-using world does not understand what it is
for, or
at
least what its limitations are.
If we apply this to other standards (SMTP, DNS, HTTP, etc) we would
just
have to power down the whole internet. The best that we can do is
come
up
with something that makes a modicum of sense, fix things we didn't
anticipate
or understand because we needed operational experience and move on.
There will always be some fraction of the user/implementer base that
won't
understand protocols, standards or RFCs. It kind of goes with the
territory.
Mike, this is the sort of discussion disconnect that prevents making
progress.
I'm copying the list because it's a broad-based problem we are all
having
in
trying to discuss issues.
Simply stating that we are seeing some reports of breakage due to using
ADSP records for domains that are not under sufficient control does not
add much of anything meaningful to the discussion. This issue has been
discussed for YEARS and now that we see it some people are acting
shocked? I'm shocked I tell you. I seem to remember this very discussion
at an excellent dinner following the FTC workshop in 2007. This same
discussion was held years before that when SSP was just a gleam in
everyone's eye. This is something that was predicted and predictable.
At the end of the day, ADSP was a compromise that limited usefulness to
a handful of corner cases implemented under extremely tight control at
the risk of breakage and collateral damage if not carefully implemented.
First, a question was put forward and I offered an answer. It is
simply
not
fair to then respond in a manner that dismisses that answer (or at
least
dismisses it in this way.)
Second, the usual way that services get successful is to look for
problems
in
their use and look for ways to correct them. Simply saying that there
are
always some problems is not helpful.
We know the answers for ADSP... see above.
Third, we do not have massive amounts of ADSP success which permits
marginalizing a tiny amount of problems. We have tiny use, with
notable
breakage.
I'm still waiting for someone to produce use numbers (of domains) for
ADSP. Just out of curiosity, what number do we have to reach to hit the
technical term "massive"? Somehow I doubt that in it's current
incarnation ADSP will ever have massive implementation.
From another perspective, in the greater scheme of standards, ADSP is
still very much wet behind the ears. It wasn't until October of 2008
that there was interoperability testing.
Fourth, it has become increasingly clear to me, at least, that there
is
broad-based misunderstanding of what can reasonably be accomplished
with
DKIM
and what can reasonably be accomplished with ADSP, versus what cannot.
I agree with you on that. Something along the lines of pixie dust,
unicorn horns, magic spam prevention, makes you taller and your teeth
whiter...
Failure
to gain broad-based agreement about both capabilities and limits
ensures
an
on-going mismatch in expectations.
And thus the rise of 3rd party "trusted intermediaries".........
If proponents want simply to keep automatically saying that things are
great and
keep automatically rejecting any counter-points, then I'm not clear
what
the
purpose of these discussions is.
I'm not a proponent and I'm not saying things are great. I believe I've
stated a few times that I believe that ADSP is crippled and I don't see
myself publishing "discardable".
When the counterpoints are along the lines of "some people" have "some
problems" and the point is made "if we were following the standard then
we wouldn't be seeing your mail anyways", then my response is..... then
why aren't you discarding it? Either you believe in the standard you
helped craft or you don't.
So, is this a discussion about a BCP for MLMs or is this a discussion
about revisiting the ADSP spec? The course of the discussion really
depends on what the consensus is.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html