> > In other words, it is starting to look as if the mechanism for enforcing
> > originator/handling linkages needs separate focus from techniques for
> > performing authentication.
> >
> I am trying to figure out "what you are thinking?"

My note stated, as clearly as I can, what I am thinking.

> If the latter, then I believe you need to be straight here on your overall
> goals.

Once again, you are seeking to take the group discussion to an ad hominem focus. Please stop attempting to discuss people's motives or biases.

> Can you clear this right away? I can see why you may not want to make it
> harder for standards track issues. But it will help to know what are the
> "long range" plans.

My long-range plan is to get the group chartered and to have the group produce a useful standard as quickly as possible.

Therefore, my long-range plan is to seek near-term utility with a minimum of project management risk and the lowest possible barriers to adoption and use.

> Dave, let's imagine that DKIM becomes the standard tomorrow and we begin to
> receive DKIM messages. We were not DKIM aware yet, but now we see a bunch
> of emails with DKIM signatures. So we begin to explore DKIM.
>
> The first thing we notice is that there are a bunch of DKIM signed messages
> purporting to be SIGNED from domains which have NO Policy defined or
> conflicting signing policies?
>
> How do you expect us to handle this?

In fact the main reason that I question the need to have most/any of SSP -- in the *first* round of standardization -- is that there is quite a bit of utility in exactly the scenario you describe:

A message arrives with a signature. *ANY* signature.

There is quite a bit of useful information derived from validating that signature, or having the signature fail validation.

There is *MORE* useful information if the validator can know that the signature ID is "authorized" by the rfc2822.From domain administrator, but that information is not essential for creating an initial base of utility.

The observation that requiring linkages between identifiers and requiring domain-wide signing simply follows from this, and noting that we seem to have 3-4 current examples of independent attempts to solve these problems.

Multiple solutions to the same problem impede Internet-wide interoperability.

d/
---
Dave Crocker
Brandenburg InternetWorking
+1.408.246.8253
dcrocker a t ...
WE'VE MOVED to: www.bbiw.net
_______________________________________________
ietf-dkim mailing list
http://dkim.org
