----- Original Message -----
From: "Dave Crocker" <dhc(_at_)dcrocker(_dot_)net>
To: "Hector Santos" <hsantos(_at_)santronics(_dot_)com>; "Sam Hartman"
The technology is, how should I put it without
offending anyone? "half-baked"
Please list the specific technical inadequacies that
prevent deployment and use.
If Thomas's posted draft DKIM verification algorithm:
http://www.imc.org/ietf-mailsig/mail-archive/msg01974.html
is the model that will fitted into the specification, it needs some work.
See my DKIM Verification Algorithm message.
http://www.imc.org/ietf-mailsig/mail-archive/msg02046.html
This should say it all. It shows all possible outcomes of the verification.
It all needs to be satisfied because these are all the possibilities that
could occur.
I believe you might suggest the comments are "implementation" specific.
If so, I would respectfully disagree. IMO, DKIM has very little if honoring
the OA SSP is not 100% respected. That is not to suggest that a malicious
implementation or usage will be compliant, but highlights what are the
expectations of the system.
Dave, so please do not feel I am knocking it. I wouldn't be looking at it
if I didn't feel it has promise and feel it does have high value. But not
in its current state. I believe what I stated in the message has to be
considered. Both ends of the software need to be sync.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com