On Jul 25, 2010, at 11:36 AM, Murray S. Kucherawy wrote:
I've engaged some of you off-list trying to understand why ADSP is
fundamentally different than the private agreements known to exist between
PayPal and some large email service providers. I get the philosophical
arguments, but from a standards body perspective I remain stymied.
I'm finally beginning to buy that something akin to DBR may be necessary, but
it's still weird to me that the point is that the average sysadmin can't be
trusted to do ADSP right. But then why, for example, can he/she be trusted
to do DNS or SMTP or even TCP/IP right without some sort of vouching or
reference service asserting competence?
The whole point of standards is to publish a mechanism for accomplishing
something so that two parties that have never interacted in that specific way
before can do so without some kind of out-of-band prior arrangement. In that
sense these statements about ADSP create some cognitive dissonance that I
haven't been able to resolve yet.
I think it's because, when you implement most protocols, if your end is broken
then you can't even talk to the other end. With ADSP, if your end is broken
then you can still talk SMTP and even sign with DKIM, but the other end may
silently discard your message. There's no feedback.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html