Murray S. Kucherawy wrote:
-----Original Message-----
Its just really odd that the we need to hide the facts in RFC4871bis
but not in RFC5585 (DKIM Architecture) and RFC5863 (DKIM Deployment
Guideline)?
I've lost track of how many times and how many different ways
it's been explained that nothing is being hidden. I'm going to
give up now.
If nothing is being hidden, then why not explicitly add AUID and ODID
(or RFC5585.From.Domain) to the Output Summary? Whats the danger?
Maybe its not a "Output Summary?"
Here are some definitions for a summary [1]:
A summary, synopsis, or recap is a shorter version of the original.
Such a simplification highlights the major points from the much
longer subject, such as a text, speech, film, or event. The purpose
is to help the audience get the gist in a short period of time.
An abstract or a condensed presentation of the substance of a body
of material; concise, brief or presented in a condensed form;
Performed speedily and without formal ceremony
etc. What you are proposing is just the redundant "Mandatory Output"
information, and not a "DKIM Output Complete" summary that reflects
current implementations.
But in the mean time, implementors are not listening. They are looking
at other things especially the "author thing" we must burn into the
signature.
Which implementers, and why aren't they saying anything?
Well you, I did and many in the archives has say things, and many have
stated very clearly the ODID is considered a very fundamental part of
DKIM. RFC5585 reflects how signing practices is part of the expected
DKIM Architecture.
The two open source APIs:
OpenDKIM
ALT-N
has support for signing practices.
Systems using A-R to report DKIM results are using AUID, such as
Dave's MLM.
And I know our DKIM product has direct support for the design
described in RFC5595 including A-R with all four outputs (status,
SDID, AUID, ODID) as well as the ADSP extensions.
The biggest software company, Microsoft, has announced ADSP support
and that means ODID output is required. How can that be not significant?
Yes, it is getting tiresome because it is real hard to understand why
adding the obvious to the Output Summary is a problem. What harm is
there? None that I can see.
Why isn't there any mediated compromise to settle these 5-6 years
conflict?
In my view, your proposed section 1.1 DKIM Architecture Documents and
with adding the AUID and ODID as part of the output to make all the
documents protocol consistent will settle the issue, in my view, for
all parties.
--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
[1] http://www.google.com/search?rlz=1C1CHMG_enUS291US310&q=define:summary
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html