ietf
[Top] [All Lists]

Re: DMARC and yahoo

2014-04-16 06:07:49
This is mostly a test with my junk yahoo.com testing account to see what 
happens here.   

Stephen, you are right, but we have been on this for over 9 years.  With all 
due respect to Crocker and Levine, who fought  hard against DKIM Security 
Policy based solutions starting with SSP, then ADSP which Levine authored as a 
poison pill many believe, he never supported his own work. The industry was 
quite aware of what was coming and it took DMARC, an external development, 
which Eric Allman predicted would happen when SSP was demoted by ADSP, to 
highlight the very high interest in the technology and tremendous need for an 
self-signing, low cost, email authentication protocol. DKIM was it and without 
a policy that Crocker and Levine tried to remove, the payoff was low and 
signatures were worthless.   So we have to give some credit to Yahoo for 
pushing the issue, finally.   Some will continue to fight it and  some will 
continue to work with it.   I choose to work with it now as I did with ADSP.

--
HLS via Yahoo
On Wednesday, April 16, 2014 6:13 AM, Stephen Farrell 
<stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie> wrote:
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On 04/16/2014 03:23 AM, Michael Richardson wrote:


So, as a WG chair, a person known to me just tried to post to the
list From a brand new yahoo.com mail account.  They aren't
subscribed with that address.  I would normally just approve, and
add them...

It seems to me that I must now actually reject, because it would
affect other subscribers.

I'm now thinking that we need to remove all the @yahoo.com
addresses from posting to ietf mailing lists.


This is probably obvious, but had gmail.com done what yahoo.com
has done, that could I guess have a pretty significant impact on
the IETF getting stuff done for a while since a lot of folks in
the last few years seem to have migrated their IETF mail to
gmail.com as a reasonable way to get around corporate this-and-that
issues.

Maybe people who've done that might want to consider whether its
such a good plan for so many IETF participants to be dependent on
just one service now that we have a demonstration that s/none/reject/
in one TXT RR can have such an impact.

S.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQEcBAEBAgAGBQJTTle3AAoJEC88hzaAX42i7jQIALBIZ3Z+jp1RbGCiJp4IVztN
qWa0aEUcx2Skp4gtM/vQnEEsCjYFAnRaoMofJqyUBuvTs3H0q/GMkcONcOPJW6wH
R/HpKKr24UpYsfpdYKx99b7D27kVNgzML3e0bD3csR1MNC/yR7wvsnTHTwbv2mxk
eb7O5Wp6kvKw/gRYjPHncMPSgBUyc+KixY6IDHzDk4IdCQP4CyVkhI4EV7dlu8nM
T1RNhljdzCmJBLd0y1USS1UmKrPVhoFgBXShvnxabseqJN/m2bz5WVSuJgIwWRov
duU5vRgbdQ5jTn9TBzEPdJ5LRbQczlHyLVdnjvOHApQ8HtNrQxKOe89C0b32+7A=
=cS/m
-----END PGP SIGNATURE-----
<Prev in Thread] Current Thread [Next in Thread>