----- Original Message -----
From: "Dave Crocker" <[EMAIL PROTECTED]>
To: "IETF DKIM pre-WG" <[email protected]>

> Is it ok with folks to be required to replace essentially all of the
> current software, administration and user deployment?

I'm not convinced there is sufficient installed base that should preempt making DKIM work right, the "first time."

If you believe there is enough of an installed base that makes this a problem, then we already have a problem because this perceived installed base is insecure.

Put another way. This vendor is not going to support DOMAINKEYS and there is no way we will implement DKIM without an SSP verification concept. It will be a waste of time and we will not put our customer base in jeopardy by adding "ambiguous" verification ideas that have little to no value.

If this world was just one vendor, we can make it work, but that is not the case. We have to work with others.

We already have a growing problem of Social Engineering based phishing issues with spammers borrowing "DKEY" domains such as YAHOO.COM and GMAIL.COM with the bad actors knowing that there is a HUGE market of systems not processing this information and if they were, these domains have NEUTRAL like policies which makes the verifying system "throw up their hands" with such yahoo and gmail mail, to the extent there is increasing local policy discussions of outright blacklisting these domains.

So early adopters, who well knew in advance that the value of this work had no meaningful value with by-far a non-compliant world, was incomplete and/or was plagued with serious security issues, and only added this stuff for the most part for marketing reasons, should not, in my view, hurt the chances of a very promising technology from being securely maximized when finally deployed with a consistent SSP verification operational behavior expectation across the board.

Note I am not suggesting a complete revamp. I don't think it is needed. I am just saying that the idea that backward compatibility support for a few installations should not pre-empt "Getting DKIM right, the first time."

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com

_______________________________________________
ietf-dkim mailing list
http://dkim.org
