On Tue, 30 Nov 2004, Meng Weng Wong wrote:
if SPF passes, auth passes.
if DK passes, auth passes.
SPF and DK two different technologies, one protects the session, another
one the content - they are on different layers of of email security and
not parallel to each other. Please don't mix it up in people's minds that
they should provide security as either one or the other. Both should be
used and both should pass and if one does not it just means it did not
pass it does not mean you should now rely on the other one, nor does it
mean that if one passes (i.e. session authentication) you are now free
not to do the content mail signatures check.
Email security should be done so that both technologies work and
not be done as conglomerate of half-broken systems!
DK may fail on mailing lists, but SPF will pass.
There are better mail signature technologies then DK that protects content
and do not break on mail lists.
that's why teams have many players: if one misses the ball,
someone else still has a chance to save.
I'm beginning to get horrified by your continuing analogies to real world
which do not properly represent the situation, again you're only confusing
people. But since you started it, I'll just mention that teams are not made
up of players where one player has no right hand and another one has no
left hand!
Each one of the "players" must be fully capable on his own and if he misses
it just means "ball" did not go his way (i.e. no records published if you
want an ananlogy back to email security), not that he actually missed
because he did not have the right body parts to handle it.
that's the philosophy from Unified SPF. :)
That is not a philosophy of Unified SPF, please see the following message
that you yourself made about what Unified SPF is:
http://archives.listbox.com/spf-discuss(_at_)v2(_dot_)listbox(_dot_)com/200406/0874.html
And also see the following (never published as IETF ID) draft:
http://spf.pobox.com/unified/id/uspf-1-unified-00.txt
I can tell you right now that I'll continue to push the agenda on SPF
(especially if I'm elected to the council) that this be considered
future UnifiedSPF and future agenda for SPF community.
---
William Leibzon, Elan Networks:
mailto: william(_at_)elan(_dot_)net
Anti-Spam and Email Security Research Worksite:
http://www.elan.net/~william/emailsecurity/