On 12/5/09 12:30 PM, Hector Santos wrote:
Alessandro Vesely wrote:
Well, for me, it is very hard to continue "discussing DKIM" when it
fundamentally has a known engineering implementation conflict
(unauthorized remailer signatures not supporting ADSP) which not many
are interested in fixing. If that is part of what you mean as "stranded"
then I'm one of them. :)
Specifically the DKIM deployment guide has one section discussing policy
which addresses unauthorized signing threats and another section
regarding remailers that effectively ignores the threats that policy
attempts to address. Can't have it both ways. I specifically ask to fix
the semantics. DKIM supportive Remailers MUST NOT ignore 1st party
policy. It is fundamentally inconsistent to have a protocol designed to
protect mail integrity and unauthorized signings, yet give have an
exemption for remailers.
I have responded to John Levine on the ASRG regarding an alternative to
reputation methods that could be applied in a somewhat automated fashion
that could be easily based upon DKIM signatures, either for the senders
or for the feedback.
There is also a scalable and economical authorization solution that
could be used with little pain, since this would help the sender better
ensure delivery of their message, without messing up who should receive