Dave CROCKER wrote:
It does seem odd to complain about a mechanism that (finally) provides a
certifiably valid identifier on messages, in an environment where 90% of
the traffic across the Internet exploits the fact that there hasn't been
one...

How is it certified? I haven't seen any DKIM message that comes with
a certified identifier. Is there consistency in the certification
across all DKIM verifiers? What do you do when it isn't certified, which
is 99% of the DKIM signed mail coming in? And how does one leverage
or mitigate this 90% asserted exploitation with DKIM? Should we begin
to reject mail that does not have valid signatures?

Without a domain policy based security wrapper, DKIM remains an
unsecured protocol and currently it is just wasted processing
bandwidth with a huge cost in implementation and management, or just
plain old getting it right, and even then, most people in our market
don't understand what utility it offers them. At present, they
believe the "new badge" will help them look better, but there is no
real evidence that it does anything for them.
--
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf