[mailto:owner-ietf-mxcomp(_at_)mail(_dot_)imc(_dot_)org] On Behalf Of wayne
Despite asking several times on the MASS mailing list, I have
yet to see any data on the false positive rates for DK, IIM,
William's DK-IIM merged system, CSV, or SES. So far, all
I've seen is people claiming that their systems work better
than SPF, with no data to back it up. (Often, there is data
to back up the claim that SPF has false positives, but we
*do* know that.)
They certainly work better in certain circumstances, but at this point I
would not want to publish any data because I don't know how typical those
circumstances and in any case the issue is irrelevant.
DK and SPF have different failure modes. I don't think this is a competition
situation. A system with both schemes is much more effective than either on
its own.
Sure if we started from scratch we would only have one auth scheme. We are
retrofitting a legacy system so expect some pain and duplicated effort.
Both systems can do much better if we present them as a coherent integrated
plan than if we make the mistake of having a standards war. If you think
that is a good idea then Jon Callas and I can tell you just how great the
PGP/SMIME standards war was for both of our companies.
Phill