ietf-mxcomp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: So here it is one year later...

2005-01-31 11:38:33
from [wayne] [Permanent Link] 

In 
<C6DDA43B91BFDA49AA2F1E473732113E010BEF8B(_at_)mou1wnexm05(_dot_)vcorp(_dot_)ad(_dot_)vrsn(_dot_)com>
 "Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com> writes:


The main point of the Web page seems to be that Domain Keys/IIM does the
whole thing much better.

Like we did not know that already, [...]


Actually, that is something I don't know.

Despite asking several times on the MASS mailing list, I have yet to
see any data on the false positive rates for DK, IIM, William's DK-IIM
merged system, CSV, or SES.  So far, all I've seen is people claiming
that their systems work better than SPF, with no data to back it up.
(Often, there is data to back up the claim that SPF has false
positives, but we *do* know that.)

SPF breaks forwarding unless the sender uses SES, the forwarder uses
SRS, or the receiver uses a whitelist.

DK breaks mailing lists, and from what I can tell from reading MASS,
the DK folks don't see that as a problem.  The other crypto systems at
least *try* to not break mailing lists, but it not at all clear how
well they do in practice.  (SES looks like it will do the best, but it
requires some sort of call-back to work.)


CSV breaks very little, but no one really seems to care.  Despite
having *FAR* more publicity in the 9(?) months since it was first
announced, far fewer people are using its HELO checking than were
using SPF's HELO checking in the first 6 months since it was
announced.  Of course, the real growth of SPF didn't happen until
after 6 months since it took that long to get a slushy spec done.


I really like the ideas behind the crypto systems, but they have a
bunch of technical problems with them that haven't been figured out
yet.  Considering that the technical problems with both crypto systems
and IP systems have been pretty obvious since the spring of 2003, I'm
not sure that good solutions will be found for either type of system.
It was based on my analysis of the various technical problems will all
systems that I decided that IP based solutions would have the most
potential and therefore I started helping out with SPF.  18 months
later, it still looks like I made the right choice.


So, please, before you go claiming that DK/IIM is "better", provide
some data to back up that claim.


-wayne
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: So here it is one year later..., Alan DeKok
Next by Date:  Re: So here it is one year later..., wayne
Previous by Thread:  RE: So here it is one year later..., Hallam-Baker, Phillip
Next by Thread:  Re: So here it is one year later..., Jim Fenton
Indexes:  [Date] [Thread] [Top] [All Lists]