
Re: Last Call: Change the status of ADSP (RFC 5617) to Historic

2013-10-03 11:58:22
On 10/3/2013 11:11 AM, Scott Kitterman wrote:


Alessandro Vesely <vesely(_at_)tana(_dot_)it> wrote:
On Wed 02/Oct/2013 16:52:38 +0200 John Levine wrote:
The IESG has received a request from an individual participant to make
the following status changes:

- RFC5617 from Proposed Standard to Historic

The supporting document for this request can be found here:

http://datatracker.ietf.org/doc/status-change-adsp-rfc5617-to-historic/

I'm one of the authors of this RFC and support the change.

ADSP was basically an experiment that failed.  It has no significant
deployment, and the problem it was supposed to solve is now being
addressed in other ways.

I oppose the change as proposed, and support the explanation called
for by John Klensin instead.  Two arguments:

1)  The harm Barry exemplifies in the request --incompatibility with
    mailing list posting-- is going to be a feature of at least one
    of the other ways addressing that problem.  Indeed, "those who
    don't know history are destined to repeat it", and the explanation
    is needed to make history known.

2)  A possible fix for ADSP is explained by John Levine himself:
    http://www.mail-archive.com/ietf-dkim(_at_)mipassoc(_dot_)org/msg16969.html
    I'm not proposing to mention it along with the explanation, but
    fixing is not the same as moving to historic.  It seems that it
    is just a part of RFC 5617, DNS records, that we want to move.

That's not a fix for ADSP. It's an alternative to it.

ADSP failed. It's time to move on.

Scott K

For DKIM/ADSP investors (folks who put the $$$ into it and got on board with the IETF for this DKIM support effort), that's really not an acceptable answer. What are we moving on to, DMARC? It's the same issue, or is the suggestion that Mailing List Services or middleware will support DMARC to help protect DKIM signatures from 3rd party abuses?

ADSP did not fail if the same proof of concept is going to be repeated with DMARC. As Alessandro stated, we are merely switching _ADSP to _DMARC zone records with new but similar SOFT (relaxed) vs HARD (restrictive) rejection policies and handling rules. The same ones that MLS (Mailing List Services) will have to support as well. It's no different than ADSP.

Now, what it does say is that DKIM itself is a weaker protocol. There will no longer be any marketing value for protecting DKIM signatures, even if it's only in IETF theory. No value to compare what a DOMAIN wanted with its signatures and no protection from abuse whatsoever.

I would say this: if this ADSP historic request had been made before the DKIM request to change to Internet Standard a few months ago, I would not have supported the IS change for DKIM.


--
HLS