Dave Crocker writes: > On 7/2/2014 11:03 PM, Stephen J. Turnbull wrote: > > > So perhaps the most useful thing we can do is try to get the wg to > > > formulate 'needs' > > > > I don't see that we have "needs" here. We know how to do this stuff
Let me clarify that by "this stuff" I mean authenticating *some* domain as taking responsibility for injecting the mail. This domain is not necessarily the "organizational domain". The problem I understand you to be excluding is that of mapping from the information in the mail to an organizational domain which *should* be taking responsibility, and which is the source for authoritative information about authentication and authorization. This is a dreadfully hard problem. Even in a "simple" direct mail case, the (human) author, the originating system, the destination system, and the (human) recipient may have different views on "optimal" definition of the organizational domain that the originating system belongs to. These differing views may or may not correspond to issues resulting from interorganizational delegation in the DNS, but that's a biggee (presumably technically solvable, not all of the differences are). On top of that there are the issues of alternative roots (all bets are off?) and the syntactic issues about the difference in component counts between .co.jp and .com. But once somebody digests that hairball, I think we pretty much know what to do with the resulting identifier: put it in d= in the DKIM signature. That's not enough to satisfy Hector and Doug, of course, but that identifier also tells us where to find the information needed to implement the third-party authorization mechanisms they want and propose. Isn't that what you mean by this: > In looking for a word to describe what the wg can reasonably do about > the external work, I settled on 'need' because I think it's /is/ pretty > straightforward for us to describe what we want to /do/ with a reliable > organizational domain mechanism, independent of how the mechanism might > work. I prefer to describe such 'needs' as 'use cases', 6 of one, half dozen of the other I guess, except that 'use case' focuses on what we do, and 'need' focuses on what they do. _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
