ietf-dkim

Re: [ietf-dkim] Output summary - proposing ODID "Originating Domain Identity"

2011-05-04 13:58:48
Missing citations for the quotes below:

[1] http://www.messagesystems.com/wordpress/?p=65
[2] http://www.messagesystems.com/wordpress/?p=69

Hector Santos wrote:
Dave CROCKER wrote:

Given the continuing, intense attention to DKIM that is taking place at a
variety of venues, such as MAAWG and some private industry groups, your
assertion does not match the experience a number of us have.

Then one has to submit the question:

     Is the best interest of the entire IETF mail community being
     served using a MAAWG and private industry group mandate to
     isolate DKIM to a single identity trust assessment?

I suggest that the best interest of the majority, which includes small 
to mid operations, free or commercial, is not being served.  If you 
want a solution for DKIM it needs to serve all parties of all sizes 
and it must not be done at the expense of security.

To quote a CEO of one such Marketing company [1]:

   Are we on the cusp of a customer trust meltdown? I don’t know.
   But we are dealing with ‘trust’ at a different level than I’ve
   seen before. Up to now, our trust conversations have centered on
   whether we can be trusted to use customer data as they’d like it
   be used. We’ve talked about trust relative to spam, data sharing
   and the like. These breaches take trust to a much more basic 
   level — can we be trusted to keep our customer data safe and out 
   of the hands of criminals who might do them harm. This is all 
   about data security — something us marketers avoid thinking 
   about, but now must because it has direct brand ramifications.

and his recommendation [2]:

    The framework I see for addressing this challenge is threefold:

    1. Rally the industry and articulate data security/best
       practice guidelines

    2. Encourage companies to apply those guidelines within
       their own environments

    3. Provide a collaboration forum for companies to
       discuss common threats and share best security practices

Security cannot be ignored, and if you want to give reasons for receivers 
across the board to accept these new roles, then you must present all 
outputs to help address all DKIM related evaluations, including those 
related to security.


-- 
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com


_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
