Re: [ietf-dkim] DKIM+ADSP = FAIL, and it's our fault

+1.

-- 
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com

Steve Atkins wrote:
> On Sep 14, 2010, at 12:35 PM, J.D. Falk wrote:
> > Yes, I know it requires more effort, but what we've been doing so far 
> > clearly isn't working.
> The problem is that the two things have badly conflicting requirements. DKIM 
> is based on a domain-based identifier that's independent of the From: domain, 
> and that's where much of it's value comes from. ADSP is based on a 
> domain-based identifier that must remain identical to the From: field at all 
> times, and that's where it's sole value comes from. ADSP intrinsically 
> conflicts with the original design case for DKIM, despite being piggy-backed 
> on to it.
>
> So any document that puts forth even basic good practices for DKIM usage for 
> monitoring sender reputation (use d= to differentiate mail streams) is going 
> to be anathema to ADSP requirements (d= must be the same as the From: domain).
>
> And any ADSP-driven set of requirements (mailing lists should not only 
> re-sign any mail they re-send, they should alter the From: address to match) 
> is going to be considered nonsensical by people who consider DKIM a way to 
> tie an identity cookie to a message.
>
> And, as we've seen, any compromise document is hated by pretty much everyone, 
> even assuming you can get there.
>
> Cheers,
>   Steve
>
>
> _______________________________________________
> NOTE WELL: This list operates according to 
> http://mipassoc.org/dkim/ietf-list-rules.html



_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html