-----Original Message-----
From: ietf-dkim-bounces(_at_)mipassoc(_dot_)org
[mailto:ietf-dkim-bounces(_at_)mipassoc(_dot_)org] On Behalf Of MH Michael
Hammer (5304)
Sent: Saturday, October 16, 2010 10:43 AM
To: Wietse Venema; ietf-dkim(_at_)mipassoc(_dot_)org
Subject: Re: [ietf-dkim] detecting header mutations after signing
We are left in the realm of "the operation was a success but the patient
died". If this where we want to be?
That's a pretty neat framing of the question.
What is the value proposition that DKIM offers that incentivizes people
to adopt it?
I'll take a crack at that: DKIM offers the MUA enough data to know what parts
of a message to be rendered can be considered "valid" inasmuch as someone (the
signer) took responsibility for it. How it's rendered is up to the MUA. We
certainly, and probably should, provide some advice in this area to MUA
implementations, but we haven't the teeth to demand it.
I am not suggesting that we boil the ocean. I am suggesting that we can
realistically address this class of problem without having to "fix" the
world. Failure to address it significantly alters the value proposition
of DKIM..... in a negative manner.
Since we're all big on analogies, how about:
Experian can give you the rating of someone applying for credit. Whether or
not you pay attention to that information in making your credit decision is
entirely up to you.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html