Dave CROCKER wrote:
> On 5/4/2011 9:47 AM, Michael Thomas wrote:
>> The set of people paying attention now are extremely few, and many of them
>> have self-interest in revisiting and/or changing the previous consensus --
>> taking advantage of the much smaller set of participants.
> Creative premise. Your assertion is that folks outside the wg are not
> monitoring it.
> Given the continuing, intense attention to DKIM that is taking place at a
> variety of venues, such as MAAWG and some private industry groups, your
> assertion does not match the experience a number of us have.
Then one has to submit the question:
Is the best interest of the entire IETF mail community being served
using a MAAWG and private industry group mandate to isolate
DKIM to single identity trust assessment?
I suggest that the best interest of the majority, which includes small
to mid operations, free or commercial, is not being served. If you
want a solution for DKIM it needs to serve all parties of all sizes
and it must not be done at the expense of security.
To quote a CEO of one such Marketing company [1]:
Are we on the cusp of a customer trust meltdown? I don’t know.
But we are dealing with ‘trust’ at a different level than I’ve
seen before. Up to now, our trust conversations have centered on
whether we can be trusted to use customer data as they’d like it
be used. We’ve talked about trust relative to spam, data sharing
and the like. These breaches take trust to a much more basic
level — can we be trusted to keep our customer data safe and out
of the hands of criminals who might do them harm. This is all
about data security — something us marketers avoid thinking about,
but now must because it has direct brand ramifications.
and his recommendation [2]:
The framework I see for addressing this challenge is threefold:
1. Rally the industry and articulate data security/best
practice guidelines
2. Encourage companies to apply those guidelines within
their own environments
3. Provide a collaboration forum for companies to
discuss common threats and share best security practices
Security cannot be ignored, and if you want to give reasons for receivers
across the board to accept these new roles, then you must present all
outputs to help address all DKIM related evaluations, including those
related to security.
--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com