On Sun, May 10, 2015 at 4:37 PM, Douglas Otis <[email protected]> wrote:
> ATPS included an onerous task for any third-party service
> likely used on a gratis basis. Each third-party was expected
> to learn specific hash algorithms of each From domain. A
> difficult process on top of changing their structure of DKIM
> signatures repeated tens of thousands of times for each
> different first party domain. In addition, reputations based
> on the third-party relationship could not be leveraged
> because of the optional hashing.
>

I continue to find this repeated claim specious at best. Section 7 of ATPS describes the structure of the experiment and invites feedback from anyone who tries it. Apart from Hector's recent declaration and one hobby user of my open source implementation that enabled it, there has been no feedback from the community at large that anyone has tried it or any variant of it. Given the pain point that a widely adopted authorized third-party signatures scheme (in general, not just RFC6541) would solve, one would think we'd have heard something in this regard in the last three years. Nothing beyond what I just mentioned has materialized.

If you intend to claim that this is because of specific aspects in RFC6541 of how the DNS records are generated, I suggest you consider that even small operators don't have a problem computing hashes or populating DNS zones, because computers are good at automating things. Even if they did see those things as burdens, such operators tend to be the sort to provide that kind of feedback even about a protocol they ultimately can't use. Seriously, what person in the email space that you've met in the last N years would not take an opportunity to provide feedback, constructive or otherwise? We are a rather opinionated bunch and love the sounds of our own voices. Someone would've said something by now. But it hasn't happened.

TPA has existed even longer than ATPS has, and it has enjoyed similarly goose-egg-shaped amounts of adoption. DSAP was around even before that, and the story is the same.

What they all have in common is that they are not even close to something that serious operators would be willing to try. They are plagued by -- you guessed it -- the registration problem. Absent a change in that posture by the community at large, this is manifestly a dead end, and we really, seriously, need to stop burning any more of our precious cycles on it.

-MSK
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
